scrapingant-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- Prompt Injection (HIGH): The skill is highly vulnerable to Indirect Prompt Injection.
  - Ingestion points: Untrusted data enters the agent context via Scrapingant web scraping tools.
  - Boundary markers: None are defined to separate scraped content from agent instructions.
  - Capability inventory: The skill has access to RUBE_REMOTE_WORKBENCH (code execution) and RUBE_MULTI_EXECUTE_TOOL (arbitrary tool calls).
  - Sanitization: No sanitization of scraped content is performed.
- Remote Code Execution (HIGH): The skill utilizes RUBE_REMOTE_WORKBENCH. Evidence: The Quick Reference explicitly mentions using a remote workbench to run tools. This environment allows execution of code or commands on remote infrastructure provided by Rube/Composio.
- External Downloads (MEDIUM): Requires connecting to an external MCP server. Evidence: Instructions direct users to add https://rube.app/mcp. This endpoint is an external dependency not found in the Trusted Sources list.
Recommendations
- AI detected serious security threats
Audit Metadata