hyperbrowser-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE; EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill requires a connection to an external MCP endpoint at https://rube.app/mcp. This source is not on the trusted organizations list, making it an unverifiable dependency.
- [Dynamic Execution] (LOW): The skill performs dynamic tool discovery via RUBE_SEARCH_TOOLS and executes the resulting slugs via RUBE_MULTI_EXECUTE_TOOL. This behavior is gated to LOW severity as it is the primary purpose of the automation skill.
- [Indirect Prompt Injection] (LOW): The skill exhibits an attack surface for indirect prompt injection.
  - Ingestion points: Data enters the context via the response of the RUBE_SEARCH_TOOLS call.
  - Boundary markers: No delimiters or 'ignore' instructions are used when processing the remote tool schemas.
  - Capability inventory: The skill has powerful tool execution capabilities including RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH.
  - Sanitization: There is no evidence of sanitization or validation of the remote schemas before tool execution.
Audit Metadata