Skills
AGENT LAB: SKILLS
skills/composiohq/awesome-claude-skills/zoho-crm-automation/Gen Agent Trust Hub

zoho-crm-automation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the use of an unverified external MCP server endpoint (https://rube.app/mcp). This domain is not included in the Trusted External Sources list, posing a supply chain risk as sensitive CRM data is processed through this third-party service.
  • [PROMPT_INJECTION] (LOW): Vulnerable to Indirect Prompt Injection (Category 8). The skill ingests untrusted data from Zoho CRM records which could contain malicious instructions.
  • Ingestion points: ZOHO_SEARCH_ZOHO_RECORDS, ZOHO_GET_ZOHO_RECORDS (SKILL.md)
  • Boundary markers: Absent. Instructions do not mandate delimiters for record data.
  • Capability inventory: The skill has significant write capabilities including ZOHO_CREATE_ZOHO_RECORD, ZOHO_UPDATE_ZOHO_RECORD, and ZOHO_CONVERT_ZOHO_LEAD (SKILL.md).
  • Sanitization: Absent. No filtering or validation of CRM field content is described.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 05:05 PM