zoho-invoice-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [External Downloads] (MEDIUM): The skill requires the agent to connect to an untrusted external MCP server (https://rube.app/mcp). This server is not part of the trusted external sources and acts as an unverified third-party dependency defining the agent's tools.
  • [Remote Code Execution] (HIGH): Through functions like RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH, the skill enables the execution of remote logic defined by the external server.
  • [Prompt Injection] (HIGH): The skill is susceptible to indirect prompt injection when processing invoice data.
      1. Ingestion points: Untrusted data enters the agent context via Zoho Invoice records (e.g., customer notes, invoice descriptions).
      2. Boundary markers: No delimiters or isolation instructions are provided.
      3. Capability inventory: Broad automation capabilities including creating and updating financial records via RUBE_MULTI_EXECUTE_TOOL.
      4. Sanitization: No sanitization or validation of data retrieved from Zoho is implemented before it influences agent decision-making.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:17 AM