zoho-crm-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists exclusively of markdown documentation and tool usage instructions. It does not contain any executable code, scripts, or binary assets.
- [EXTERNAL_DOWNLOADS]: The documentation references an external MCP server endpoint (https://rube.app/mcp). This is the intended infrastructure for the skill and requires manual setup by the user.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface as it processes data from Zoho CRM.
- Ingestion points: Data retrieved via ZOHO_SEARCH_ZOHO_RECORDS and ZOHO_GET_ZOHO_RECORDS.
- Boundary markers: No delimiters or instructions to ignore embedded commands are present in the skill documentation.
- Capability inventory: The skill uses tools for record modification (ZOHO_UPDATE_ZOHO_RECORD) and lead conversion (ZOHO_CONVERT_ZOHO_LEAD).
- Sanitization: No specific sanitization or validation of external data is described.
Audit Metadata