better-proposals-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill requires the agent to call RUBE_SEARCH_TOOLS against an external MCP (e.g., https://rube.app/mcp) and to read tool schemas/recommended execution plans from Composio (composio.dev), meaning the agent will ingest and act on content from public third‑party sites which could carry untrusted or user-provided instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires configuring and using the Rube MCP runtime endpoint (https://rube.app/mcp) to perform RUBE_SEARCH_TOOLS and RUBE_MULTI_EXECUTE_TOOL calls, which execute remote toolkit tools at runtime (i.e., remote code execution) and is a required dependency.