cal-com-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflows (e.g., SKILL.md "Manage Bookings", "Configure Webhooks", and "Manage Teams") call Cal.com toolkit endpoints such as CAL_FETCH_ALL_BOOKINGS, CAL_RETRIEVE_WEBHOOKS_LIST, and CAL_GET_TEAMS_LIST that ingest user-generated Cal.com data (bookings, webhook configs, team info and arbitrary subscriberUrl values) from the third-party Cal.com service and those responses are used to drive subsequent actions (availability checks, booking creation, webhook updates), so untrusted third-party content can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires adding and calling the MCP endpoint https://rube.app/mcp at runtime (via RUBE_SEARCH_TOOLS) to fetch current tool schemas that directly determine agent behaviors and available instructions, making it a runtime dependency that can control prompts.