exa-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill requires calling RUBE_SEARCH_TOOLS against the Rube MCP endpoint (https://rube.app/mcp) to fetch external tool schemas and recommended execution plans that the agent must read and use to decide and execute tools, which exposes it to untrusted third‑party content that can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires connecting at runtime to the Rube MCP endpoint https://rube.app/mcp to fetch tool schemas and recommended execution plans via RUBE_SEARCH_TOOLS and to execute tools via RUBE_MULTI_EXECUTE_TOOL, so remote content from that URL directly controls agent behavior and triggers remote execution.