espocrm-automation
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Potential surface for indirect prompt injection. The skill is designed to retrieve and process data from EspoCRM, which could be used to influence the agent's behavior during tool execution. \n
- Ingestion points: Data retrieved from EspoCRM via RUBE_MULTI_EXECUTE_TOOL. \n
- Boundary markers: The instructions do not define delimiters or explicit warnings to isolate external data from system instructions. \n
- Capability inventory: Tool execution via RUBE_MULTI_EXECUTE_TOOL and batch operations via RUBE_REMOTE_WORKBENCH. \n
- Sanitization: No data validation or sanitization steps are documented before processing CRM content. \n- [EXTERNAL_DOWNLOADS]: Fetches tool schemas and configuration from the Composio Rube MCP endpoint (https://rube.app/mcp), which is a well-known service associated with the skill's intended functionality.
Audit Metadata