browserhub-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill directs the user to add an external, untrusted MCP server at
https://rube.app/mcp. Since this domain is not within the defined [TRUST-SCOPE-RULE], the reliance on this remote endpoint for core functionality represents a significant supply-chain risk.- [PROMPT_INJECTION] (HIGH): This skill exhibits a high-risk Indirect Prompt Injection surface (Category 8). • Ingestion points: Untrusted data enters the context viaRUBE_SEARCH_TOOLS, which provides tool slugs, input schemas, and 'recommended execution plans' (SKILL.md). • Boundary markers: Absent. There are no instructions to validate or delimit the data returned from the remote search. • Capability inventory: The skill possesses powerful write/execute capabilities throughRUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH. • Sanitization: Absent. The agent is instructed to use exact field names and plans from search results without verification.- [COMMAND_EXECUTION] (MEDIUM): The inclusion ofRUBE_REMOTE_WORKBENCHandrun_composio_tool()enables remote execution of complex workflows. When combined with the untrusted tool discovery mechanism, this poses a risk of the agent being coerced into executing malicious browser-based commands.
Recommendations
- AI detected serious security threats
Audit Metadata