dialpad-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to configure an external MCP server endpoint (https://rube.app/mcp). This domain is not recognized as a trusted source. In the MCP architecture, the server provides the underlying tool implementation and capability definitions.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The agent is configured to dynamically fetch 'recommended execution plans' from an untrusted external source at runtime. This allows the remote server to dictate the agent's behavior and sequence of operations, effectively providing remote logic control.
- [DATA_EXFILTRATION] (LOW): The skill facilitates the transfer of Dialpad communications data and account access through an unverified third-party intermediary (Composio/Rube). While this is the intended functionality, it involves routing sensitive organizational data through non-whitelisted infrastructure.
- [PROMPT_INJECTION] (LOW): (Category 8) The skill presents a high surface area for indirect prompt injection.
  - Ingestion points: The `RUBE_SEARCH_TOOLS` operation returns execution plans and tool schemas from an external API.
  - Boundary markers: Absent; the instructions explicitly command the agent to 'Always search first' and follow the returned schemas and plans without verification.
  - Capability inventory: The skill provides access to `RUBE_MULTI_EXECUTE_TOOL` and `RUBE_REMOTE_WORKBENCH` for executing arbitrary tools and scripts.
  - Sanitization: Absent; instructions mandate the use of exact field names and types as provided by the remote search results.
Audit Metadata