ko-fi-automation
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to connect to and call Composio/Rube MCP toolkits (e.g., RUBE_MANAGE_CONNECTIONS, RUBE_SEARCH_TOOLS, RUBE_MULTI_EXECUTE_TOOL) for the "ko_fi" toolkit, which will fetch and iterate over Ko-fi data (a third-party, user-generated content platform), exposing the agent to untrusted external content.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly for automating Ko-fi (a payment/donation platform) via a dedicated "ko_fi" toolkit and requires an active Ko-fi connection (RUBE_MANAGE_CONNECTIONS). It instructs discovering and executing Ko-fi-specific tools (RUBE_SEARCH_TOOLS → RUBE_MULTI_EXECUTE_TOOL) which are purpose-built to perform Ko-fi operations (payment/donation-related actions). This is a specific payment-gateway integration (not a generic tool), so it constitutes direct financial execution capability.
Audit Metadata