webscraping-ai-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- External Dependencies (MEDIUM): The skill instructs users to configure an MCP server using the endpoint https://rube.app/mcp. This domain is not included in the list of trusted external sources. Since the server provides the tool definitions and schemas, it exerts significant control over the agent's available actions.
- Indirect Prompt Injection (LOW): The skill's primary function is web scraping, which involves processing data from arbitrary external websites.
  - Ingestion points: Data retrieved from websites via the webscraping_ai toolkit.
  - Boundary markers: None specified; there are no instructions for the agent to treat scraped content as untrusted data or to ignore embedded instructions.
  - Capability inventory: The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, providing the agent with the ability to execute a wide range of follow-up tasks based on the scraped input.
  - Sanitization: No evidence of sanitization, filtering, or validation of the ingested web content.
- Dynamic Execution (MEDIUM): The workflow relies on RUBE_SEARCH_TOOLS to dynamically discover tool slugs and input schemas at runtime. This 'just-in-time' discovery mechanism allows the remote server to modify the agent's execution logic dynamically, which could be exploited to trigger unintended tool calls via RUBE_MULTI_EXECUTE_TOOL.
Audit Metadata