sc-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs real-time web searches and URL extraction via Rube MCP (see "Phase 3: Execute Web Research" which uses RUBE_MULTI_EXECUTE_TOOL and instructs to "extract full content from top 3-5 URLs", with a WebFetch fallback), so it ingests and interprets arbitrary public web pages that could contain untrusted, user-generated instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and injects content from arbitrary external web pages discovered at runtime ("top 3-5 URLs" extracted via Rube MCP / RUBE_MULTI_EXECUTE_TOOL) into the model context to drive analysis and prompts, so those fetched URLs can directly control agent instructions.