sc-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly describes Rube MCP workflows (SEARCH_TOOLS, GET_SCHEMAS, MANAGE_CONNECTIONS, MULTI_EXECUTE, REMOTE_WORKBENCH/REMOTE_BASH) that connect to external apps (e.g., Slack, Discord, Gmail, GitHub and other public integrations) and ingest user-generated/untrusted content which the agent is expected to read and use to drive decisions and execute automated actions.