webscraping-ai-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill uses Composio's "webscraping_ai" toolkit via Rube MCP (see composio.dev/toolkits/webscraping_ai and the RUBE_MULTI_EXECUTE_TOOL workflow) which clearly implies running web-scraping tools that fetch and return data from arbitrary public websites for the agent to read and process, exposing it to untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires connecting at runtime to the Rube MCP endpoint https://rube.app/mcp (via RUBE_SEARCH_TOOLS / RUBE_MULTI_EXECUTE_TOOL), and the tool schemas and execution plans returned from that server directly determine agent instructions and trigger remote tool execution, making it a required runtime dependency.