Clockify Automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires connection to an external MCP server at
https://rube.app/mcp. As this domain and provider are not in the trusted sources list, the security and integrity of the tool definitions and logic provided by the server cannot be verified, posing a risk of supply chain attack. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) through Clockify data processing.
- Ingestion points: Tools like
CLOCKIFY_GET_TIME_ENTRIESandCLOCKIFY_FIND_ALL_USERS_ON_WORKSPACEingest data (descriptions, user names) from the Clockify API. - Boundary markers: No delimiters or safety instructions are used to prevent the agent from interpreting text within time entry descriptions as new commands.
- Capability inventory: The skill possesses the ability to create and delete entries (
CLOCKIFY_CREATE_TIME_ENTRY,CLOCKIFY_DELETE_TIME_ENTRY), which could be misused if a malicious instruction is processed. - Sanitization: No sanitization or validation of data retrieved from the Clockify API is described in the skill documentation.
Audit Metadata