leadoku-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to call RUBE_SEARCH_TOOLS (via the external MCP endpoint https://rube.app/mcp) to fetch current tool slugs, input schemas, and recommended execution plans which the agent must read and use to decide which tools and arguments to execute, exposing it to untrusted third‑party content that can influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires and instructs using the external MCP endpoint https://rube.app/mcp at runtime, and calls like RUBE_SEARCH_TOOLS and RUBE_MULTI_EXECUTE_TOOL fetch tool schemas and recommended execution plans from that endpoint which directly control agent prompts and execution.