zoho-crm-automation
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to configure an external MCP server using the URL
https://rube.app/mcp. This domain is not part of the trusted vendors list and represents a third-party dependency that controls the agent's available tools. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from Zoho CRM records.
- Ingestion points: Field data from Zoho CRM modules (Leads, Contacts, Accounts, etc.) ingested via
ZOHO_SEARCH_ZOHO_RECORDSandZOHO_GET_ZOHO_RECORDS(found in SKILL.md). - Boundary markers: Absent. The skill provides no instructions to use delimiters or to disregard instructions embedded within the CRM record data.
- Capability inventory: The skill possesses significant automated capabilities, including creating, updating, and converting records (
ZOHO_CREATE_ZOHO_RECORD,ZOHO_UPDATE_ZOHO_RECORD,ZOHO_CONVERT_ZOHO_LEAD), which could be triggered by malicious instructions in the data. - Sanitization: Absent. There are no mentions of escaping or validating data retrieved from the CRM before the agent processes it.
Audit Metadata