serpapi-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill integrates with Serpapi via Rube MCP (requires an active Serpapi connection via RUBE_MANAGE_CONNECTIONS and executes searches with RUBE_MULTI_EXECUTE_TOOL), which fetches and returns open-web search results and page content from untrusted third-party websites that the agent is expected to read/interpret as part of its workflow, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires a runtime connection to the external Rube MCP endpoint (https://rube.app/mcp) and invokes RUBE_SEARCH_TOOLS / RUBE_MANAGE_CONNECTIONS / RUBE_MULTI_EXECUTE_TOOL to fetch tool schemas and execute remote tools, which can directly control agent prompts/behavior and run remote code.