Webex Automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [External Downloads] (MEDIUM): The skill setup requires the installation of the Rube MCP server from
https://rube.app/mcp. This domain is not included in the trusted external sources list, making it an unverifiable dependency that could execute arbitrary logic within the agent environment.\n- [Data Exfiltration] (LOW): The toolWEBEX_WEBHOOKS_CREATE_WEBHOOKallows users to specify atargetUrlfor real-time notifications of Webex events. While this is intended functionality, it could be leveraged by an attacker to redirect sensitive organizational data or private messages to an external, unauthorized server.\n- [Indirect Prompt Injection] (LOW): The skill processes communication data from Webex, creating a surface for indirect prompt injection attacks.\n - Ingestion points: Room messages and user details retrieved via
WEBEX_MESSAGING_GET_MESSAGE_DETAILSorWEBEX_PEOPLE_LIST_PEOPLE.\n - Boundary markers: No specific delimiters or safety warnings are defined to isolate external message content from system instructions.\n
- Capability inventory: The skill can send messages, manage team memberships, and create webhooks, providing a high-impact set of tools if an injection is successful.\n
- Sanitization: No explicit sanitization or validation of message content is mentioned in the skill description.
Audit Metadata