zoho-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill directs users to connect to a remote MCP endpoint at https://rube.app/mcp. This domain is not a recognized trusted source, and it serves as the control plane for all skill capabilities.
- REMOTE_CODE_EXECUTION (MEDIUM): The inclusion of RUBE_REMOTE_WORKBENCH and RUBE_MULTI_EXECUTE_TOOL provides a mechanism for the agent to perform actions within a remote environment managed by a third party.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8). It instructs the agent to 'Always search tools first' and then execute tools based on the results from RUBE_SEARCH_TOOLS. This creates a surface where a malicious response from the remote server could hijack the agent's workflow.
  - Ingestion points: Results from RUBE_SEARCH_TOOLS (external data).
  - Boundary markers: None present in the instructions.
  - Capability inventory: Zoho automation tools and remote workbench execution.
  - Sanitization: None; the instructions explicitly mandate using exact field names and types provided by the untrusted search results.
Audit Metadata