PandaDoc Automation
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs users to configure an MCP server from 'https://rube.app/mcp'. As this domain is not included in the trusted source list (such as Vercel, Anthropic, or specific GitHub organizations), it is classified as an unverifiable dependency.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection as it ingests untrusted data from document files and external URLs. 1. Ingestion points: 'file' and 'url' parameters in PANDADOC_CREATE_DOCUMENT_FROM_FILE. 2. Boundary markers: Absent; there are no instructions for the agent to ignore commands within processed documents. 3. Capability inventory: The skill has the ability to set up external network notifications via 'PANDADOC_CREATE_WEBHOOK'. 4. Sanitization: No sanitization of ingested content is performed before processing.
Audit Metadata