opengraph-io-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface identified. Ingestion points: External metadata fetched from URLs via Opengraph IO tools. Boundary markers: Absent; no instructions are provided to the agent to isolate or ignore instructions embedded in tool outputs. Capability inventory: Employs
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH, which may perform actions based on untrusted data. Sanitization: No validation or sanitization of ingested content is documented. - [EXTERNAL_DOWNLOADS] (LOW): The skill directs users to connect to an external, non-whitelisted MCP server at
https://rube.app/mcpfor its primary functionality.
Audit Metadata