zoho-mail-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted content from Zoho Mail (emails) while providing tool execution capabilities via RUBE_MULTI_EXECUTE_TOOL. ● Ingestion points: Zoho Mail account data (emails/folders) ● Boundary markers: Absent; no instruction delimiters provided ● Capability inventory: RUBE_MULTI_EXECUTE_TOOL, RUBE_REMOTE_WORKBENCH ● Sanitization: Absent; external content is interpolated directly into the agent context.
- [Unverifiable Dependencies] (MEDIUM): The skill instructs the user to configure a remote MCP server (https://rube.app/mcp) that is not on the trusted source list. ● Evidence: Setup section instructing manual addition of the rube.app endpoint. ● Trust Status: Non-whitelisted source.
- [Command Execution] (MEDIUM): The skill utilizes RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to execute dynamic tool slugs discovered at runtime, which could be exploited if the search results are poisoned via indirect injection.
Recommendations
- AI detected serious security threats
Audit Metadata