docusign-automation
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the addition of a remote MCP server at https://rube.app/mcp. This external source provides the tool definitions and execution logic for the DocuSign automation, creating a dependency on unverified third-party infrastructure.
- [REMOTE_CODE_EXECUTION]: By configuring an external MCP server, the agent dynamically retrieves and executes tool logic from a remote domain. If the provider (rube.app) is compromised or malicious, they could alter tool behavior to perform unauthorized actions on behalf of the user.
- [DATA_EXFILTRATION]: The skill instructs users to use `RUBE_MANAGE_CONNECTIONS` for DocuSign OAuth. This process routes sensitive authentication flows and potentially document metadata through the third-party rube.app proxy, posing a risk of session token harvesting or unauthorized access to DocuSign account data.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface. It reads external data from DocuSign templates and envelopes (using `DOCUSIGN_GET_TEMPLATE` and `DOCUSIGN_GET_ENVELOPE`) and has the capability to send documents for signature. Evidence chain:
  - Ingestion points: DocuSign template descriptions and recipient fields retrieved via API (SKILL.md).
  - Boundary markers: No specific delimiters or safety instructions are provided to handle malicious content inside templates.
  - Capability inventory: Has the ability to send emails and manage envelopes via `DOCUSIGN_SEND_ENVELOPE` (SKILL.md).
  - Sanitization: No evidence of input validation or sanitization for data retrieved from the DocuSign API before it is processed by the agent.
Audit Metadata