gist-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly uses the "gist" toolkit via RUBE_MANAGE_CONNECTIONS and RUBE_MULTI_EXECUTE_TOOL (discovered by RUBE_SEARCH_TOOLS) to access GitHub Gists, which are user-generated/public third‑party content that the agent would read and could contain indirect prompt injections.