coda-automation
Warn
Audited by Snyk on Feb 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill's workflows (e.g., "Search and Browse Documents", "Work with Tables and Data", and "Export Document Content") explicitly call Coda toolkit endpoints such as CODA_SEARCH_DOCS, CODA_LIST_TABLE_ROWS, CODA_GET_A_PAGE, and CODA_BEGIN_CONTENT_EXPORT to fetch user-generated Coda docs, pages, and tables (including exported HTML/Markdown). The agent is expected to read and act on that content, which exposes it to untrusted third-party content that could contain indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires adding the MCP endpoint https://rube.app/mcp and mandates calling RUBE_SEARCH_TOOLS at runtime to fetch current tool schemas. Those schemas directly determine the agent's available instructions and behaviors, so this external URL is a required runtime dependency that can control prompts.