google_admin-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires passing plaintext user passwords as a required parameter (e.g., GOOGLE_ADMIN_CREATE_USER password), which forces the agent to accept and include secret values verbatim in tool calls/outputs, creating exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). This skill explicitly requires connecting at runtime to the Rube MCP endpoint (https://rube.app/mcp) and to "Always call RUBE_SEARCH_TOOLS" to fetch current tool schemas, which directly control the agent's tool-invocation behavior and thus can alter prompts/execution.