userlist-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill requires calling RUBE_SEARCH_TOOLS against the external Rube MCP (https://rube.app/mcp) to fetch tool slugs, input schemas and "recommended execution plans" which the agent must read and follow at runtime, exposing it to untrusted third‑party content that can influence subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires adding and using the external MCP server https://rube.app/mcp at runtime (via RUBE_SEARCH_TOOLS / RUBE_MULTI_EXECUTE_TOOL), and those runtime responses return tool schemas and "recommended execution plans" which directly control agent instructions, so this external URL is a required runtime dependency that can control prompts.