scrapingbee-automation
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): High surface area for Indirect Prompt Injection via dynamic tool discovery. The skill requires the agent to call RUBE_SEARCH_TOOLS and follow 'recommended execution plans' and 'pitfalls' provided by a remote source.
  * Ingestion points: Tool schemas and execution logic are fetched at runtime from https://rube.app/mcp.
  * Boundary markers: Absent; there are no instructions to treat the remote data as untrusted or to isolate it from the agent's core reasoning.
  * Capability inventory: The skill utilizes RUBE_MULTI_EXECUTE_TOOL for tool execution and RUBE_REMOTE_WORKBENCH for potentially higher-privilege operations.
  * Sanitization: Absent; the agent is explicitly told to use 'exact field names and types from the search results.'
- EXTERNAL_DOWNLOADS (MEDIUM): Requires dependency on an unvetted third-party MCP server. The claim that 'No API keys needed' suggests a proxy-based architecture which may facilitate man-in-the-middle data collection or unauthorized access to the scraping sessions.
- COMMAND_EXECUTION (MEDIUM): Facilitates the execution of arbitrary remote tasks and workbench operations defined by metadata retrieved from an external server without local validation or human-in-the-loop oversight.
Recommendations
- AI detected serious security threats
Audit Metadata