html-to-image-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires connecting to an external MCP server at https://rube.app/mcp. While this is a remote dependency not on the trusted list, it is the primary purpose of the skill and necessary for its functionality.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill processes HTML content provided by users or external sources to generate images, which could contain malicious instructions designed to influence the agent. Evidence Chain: 1. Ingestion points: HTML input provided to conversion tools. 2. Boundary markers: Absent in the skill instructions. 3. Capability inventory: Execution of remote tools via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH. 4. Sanitization: Not specified in the skill definition.
Audit Metadata