owl-protocol-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill requires calling the external Rube MCP (e.g., rube.app/mcp) via RUBE_SEARCH_TOOLS to fetch tool slugs, input schemas and recommended execution plans that the agent must read and act on, exposing it to untrusted third‑party content from the MCP service.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires a runtime connection to the Rube MCP endpoint (https://rube.app/mcp) and uses RUBE_SEARCH_TOOLS / RUBE_MULTI_EXECUTE_TOOL to fetch tool schemas and invoke remote tools, which means content from that URL can directly control prompts/execution.