slackbot-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The required runtime workflow calls RUBE_SEARCH_TOOLS (and then executes returned tool schemas/plans) from the external Rube MCP server, which is outsider-authored content that can include free-form text in tool descriptions/known pitfalls and thus can be ingested into the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires adding and calling the external MCP endpoint https://rube.app/mcp at runtime (via RUBE_SEARCH_TOOLS/RUBE_MANAGE_CONNECTIONS) which returns tool schemas and recommended execution plans that directly drive the agent's prompts/instructions, so this is a runtime dependency that controls agent behavior.