espocrm-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly requires calling RUBE_SEARCH_TOOLS against the Rube MCP endpoint (https://rube.app/mcp) to retrieve tool slugs, input schemas, and recommended execution plans that the agent must read and act on, which are untrusted third-party responses that can materially influence subsequent tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires connecting at runtime to the Rube MCP server (https://rube.app/mcp) and calls RUBE_SEARCH_TOOLS / RUBE_MANAGE_CONNECTIONS to fetch tool schemas and recommended execution plans which directly determine which tool slugs, arguments, and execution steps the agent will use, so the external endpoint can control agent instructions and is a required dependency.