entelligence-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly requires connecting to an external MCP (https://rube.app/mcp) and to call RUBE_SEARCH_TOOLS to ingest returned tool slugs, schemas and "recommended execution plans" which the agent must read and use (see "Tool Discovery" and "Core Workflow Pattern"), so third‑party content can materially influence tool execution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires a runtime connection to the MCP server at https://rube.app/mcp and uses RUBE_SEARCH_TOOLS and RUBE_MULTI_EXECUTE_TOOL to fetch tool schemas/recommendations and execute remote tools, so external content from that URL directly controls agent instructions and executes code.