pipedrive-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the Rube MCP server at
https://rube.app/mcp. This is an established endpoint for Composio's Rube MCP bridge and is documented here as the standard method for accessing Pipedrive automation tools.\n- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it retrieves and processes untrusted data from Pipedrive CRM records.\n - Ingestion points: External content enters the agent's context through tools like
PIPEDRIVE_GET_ALL_NOTES,PIPEDRIVE_GET_DETAILS_OF_A_PERSON, andPIPEDRIVE_GET_DETAILS_OF_A_DEAL.\n - Boundary markers: The skill does not define specific delimiters or provide instructions to the agent to disregard potentially malicious commands embedded within retrieved records.\n
- Capability inventory: The skill has extensive write and update permissions, including the ability to manage deals, contacts, organizations, and activities within the linked Pipedrive account.\n
- Sanitization: The retrieved data is processed directly by the agent without any explicit sanitization or validation logic defined in the skill instructions.
Audit Metadata