parsehub-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill utilizes a workflow that involves dynamic discovery of tool schemas and execution plans from the remote Rube MCP server, which is an external and non-whitelisted source.
- Ingestion points: Data returned by the
RUBE_SEARCH_TOOLScall as defined inSKILL.md. - Boundary markers: Absent; the agent is instructed to follow returned schemas and field names without explicit validation or delimiters.
- Capability inventory: Access to
RUBE_MULTI_EXECUTE_TOOLandRUBE_REMOTE_WORKBENCH, allowing the agent to perform actions based on the untrusted remote instructions. - Sanitization: No sanitization or verification steps for the retrieved tool definitions are included.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded API keys, secrets, or sensitive file paths were detected. Authentication is handled via external OAuth processes.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill configures a connection to an external MCP server but does not execute local commands, download scripts for shell execution, or install unverifiable packages.
Audit Metadata