contentful-graphql-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill instructs the agent to connect to a Contentful GraphQL endpoint via RUBE_MANAGE_CONNECTIONS and to execute queries with RUBE_MULTI_EXECUTE_TOOL (including handling pagination), which means the agent will fetch and read Contentful-hosted content (user-generated/untrusted third-party content) as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires adding and calling the Rube MCP server at https://rube.app/mcp at runtime (via RUBE_SEARCH_TOOLS, RUBE_MANAGE_CONNECTIONS, RUBE_MULTI_EXECUTE_TOOL), which provides tool schemas and can deliver/execute remote tool instructions that directly influence agent behavior and execute code.