outlook-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process untrusted data from Microsoft Outlook.
- Ingestion points: Data enters the agent context via tools such as OUTLOOK_SEARCH_MESSAGES, OUTLOOK_GET_MESSAGE, and OUTLOOK_LIST_EVENTS which retrieve content from a user mailbox.
- Boundary markers: There are no specific instructions or delimiters provided to prevent the agent from executing instructions found within the body or subject of processed emails.
- Capability inventory: The skill provides a wide range of capabilities including searching, reading, sending emails, and managing calendar events and contacts.
- Sanitization: No sanitization or filtering logic is described for the content retrieved from Microsoft Outlook fields.
- [EXTERNAL_DOWNLOADS]: The skill requires the configuration of an external MCP server endpoint at https://rube.app/mcp.
- [NO_CODE]: The skill consists entirely of documentation and does not contain any local executable scripts or binaries.
Audit Metadata