zoho_desk-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to indirect prompt injection as it processes external content from Zoho Desk (tickets, comments, and contacts).
- Ingestion points: Data fetched via `RUBE_SEARCH_TOOLS` and `RUBE_MULTI_EXECUTE_TOOL` from Zoho Desk tickets and customer interactions.
- Boundary markers: None identified; instructions do not specify any delimiters to separate untrusted data from system instructions.
- Capability inventory: The agent has write/modify access through `RUBE_MULTI_EXECUTE_TOOL` and orchestrated execution capabilities via `RUBE_REMOTE_WORKBENCH`.
- Sanitization: No sanitization or validation of the ingested ticket content is mentioned before it is processed by the agent.
- [Unverifiable Dependencies] (MEDIUM): The skill requires the user to add `https://rube.app/mcp` as an MCP server. This is an external service not listed in the trusted repositories or organizations, creating a dependency on an unverified third-party platform that intermediates help desk data.
- [Dynamic Execution] (MEDIUM): The use of `RUBE_REMOTE_WORKBENCH` for "bulk operations or data processing" suggests a remote runtime environment where the agent can execute code (e.g., Python loops with `ThreadPoolExecutor`). While functional, this provides a powerful execution surface that could be abused if the agent is influenced by malicious ticket data.
Recommendations
- AI detected serious security threats
Audit Metadata