monday-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill routinely reads user-generated content from a third-party service (Monday.com) via endpoints such as MONDAY_LIST_BOARD_ITEMS, MONDAY_LIST_SUBITEMS_BY_PARENT and by retrieving column values and updates/comments (rendered text), so the agent will ingest and interpret arbitrary user-authored content from external accounts.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires connecting to the Rube MCP server at https://rube.app/mcp at runtime (via RUBE_SEARCH_TOOLS / RUBE_MANAGE_CONNECTIONS) to fetch tool schemas and drive agent actions, meaning remote content from that URL can directly control prompts/instructions or enable remote execution.