bench-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill requires calling RUBE_SEARCH_TOOLS against the external Rube MCP server (https://rube.app/mcp) to fetch tool slugs, input schemas and recommended execution plans that the agent must read and act on (per the SKILL.md workflow), so untrusted third‑party content could directly influence tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires configuring and using the MCP endpoint https://rube.app/mcp at runtime (via RUBE_SEARCH_TOOLS / RUBE_MANAGE_CONNECTIONS / RUBE_MULTI_EXECUTE_TOOL), which returns tool schemas and execution plans that directly control what the agent prompts and executes.