test-app-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill requires calling RUBE_SEARCH_TOOLS against the external Rube MCP endpoint (https://rube.app/mcp) and reading tool schemas/recommended execution plans from composio.dev/toolkits/test_app, meaning the agent ingests and acts on untrusted third-party content (tool schemas/exec plans) at runtime which could carry indirect prompt-injection instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill requires a runtime connection to the MCP endpoint https://rube.app/mcp which provides RUBE_SEARCH_TOOLS/RUBE_MULTI_EXECUTE_TOOL functionality (fetching tool schemas and invoking remote tools), meaning remote content from that URL can directly control prompts/instructions and execute code.