Skills
skills/composiohq/awesome-claude-skills/scrapfly-automation/Gen Agent Trust Hub

scrapfly-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The core workflow relies on the agent fetching and following 'recommended execution plans' and tool slugs from a remote API. \n
  • Ingestion points: Output from RUBE_SEARCH_TOOLS and RUBE_GET_TOOL_SCHEMAS. \n
  • Boundary markers: None present; instructions tell the agent to follow the search results to build execution plans. \n
  • Capability inventory: Access to RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH. \n
  • Sanitization: None present; the skill explicitly directs using 'exact field names and types' from search results. \n- [External Downloads] (MEDIUM): The skill instructs the user to add https://rube.app/mcp as an MCP server endpoint. This source is not on the trusted whitelist and allows the remote server to control tool definitions. \n- [Remote Code Execution] (MEDIUM): The RUBE_REMOTE_WORKBENCH tool allows for remote execution of tools. Combined with dynamic tool discovery, this allows for arbitrary remote tool execution. \n- [Command Execution] (MEDIUM): The use of RUBE_MULTI_EXECUTE_TOOL allows for operations based on instructions received from the remote search query.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:25 PM