triggercmd-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to call RUBE_SEARCH_TOOLS against an external MCP server (e.g., https://rube.app/mcp) to fetch tool schemas, execution plans, and other runtime data which the agent must read and act on, exposing it to untrusted third‑party content that could contain indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires adding the MCP server https://rube.app/mcp and uses RUBE_SEARCH_TOOLS / RUBE_MULTI_EXECUTE_TOOL at runtime to discover and invoke remote Triggercmd tools, which can execute commands remotely (remote code execution risk).