verifiedemail-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill requires calling RUBE_SEARCH_TOOLS against the external MCP endpoint (https://rube.app/mcp) to fetch tool slugs, input schemas, recommended execution plans and related runtime descriptions which the agent must read and act on, exposing it to untrusted third‑party content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill requires runtime interaction with the Rube MCP endpoint at https://rube.app/mcp (used via RUBE_SEARCH_TOOLS, RUBE_MANAGE_CONNECTIONS, and RUBE_MULTI_EXECUTE_TOOL), which executes remote toolkit operations and therefore can directly control agent behavior/execute remote code.