gemini-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to call RUBE_SEARCH_TOOLS against the public MCP endpoint (https://rube.app/mcp) to fetch tool slugs, schemas, and execution plans that the agent is expected to read and act on, which exposes it to untrusted third-party content and possible indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for automating "Gemini operations" via a dedicated "gemini" toolkit. Gemini is a cryptocurrency exchange, and the workflow instructs discovering and executing toolkit-specific tools (via RUBE_MULTI_EXECUTE_TOOL) after connecting. Although specific function names (e.g., place_order, send_transaction) are not listed in the prompt, the skill is specifically designed to interact with a crypto platform and run its tool actions—which can include trading, transfers, and wallet operations—so it provides direct financial execution capability.