Skills
skills/composiohq/awesome-claude-skills/scrape-do-automation/Gen Agent Trust Hub

scrape-do-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the configuration of an untrusted external MCP server (https://rube.app/mcp). This server is the source of tool definitions and execution logic.
  • [COMMAND_EXECUTION] (MEDIUM): The skill employs dynamic tool execution via RUBE_MULTI_EXECUTE_TOOL. Slugs and arguments are retrieved at runtime from the external search tool, meaning the remote server effectively controls which operations the agent performs.
  • [PROMPT_INJECTION] (LOW): The skill has a significant surface for Indirect Prompt Injection (Category 8).
  • Ingestion points: Data entering the agent via RUBE_SEARCH_TOOLS (tool schemas, recommended execution plans).
  • Boundary markers: Absent; there are no instructions to the agent to treat the external search results as untrusted data.
  • Capability inventory: The skill can execute arbitrary tools via RUBE_MULTI_EXECUTE_TOOL and manage connections via RUBE_MANAGE_CONNECTIONS.
  • Sanitization: None; the agent is instructed to use the exact field names and types returned from the untrusted external search.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:46 PM