helpdesk-automation
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of untrusted HelpDesk data.
  - Ingestion points: Ticket bodies and subjects via HELPDESK_LIST_TICKETS, and template content via HELPDESK_LIST_CANNED_RESPONSES.
  - Boundary markers: The instructions lack delimiters or system-level warnings to ignore embedded commands in retrieved data.
  - Capability inventory: The agent is instructed to use RUBE_MANAGE_CONNECTIONS and RUBE_SEARCH_TOOLS to interface with the HelpDesk toolkit.
  - Sanitization: No sanitization or validation of the external content is performed before processing.
- [EXTERNAL_DOWNLOADS]: The skill utilizes an external MCP server endpoint at https://rube.app/mcp for tool discovery and execution.
- [NO_CODE]: No scripts or binaries are included with the skill; it consists entirely of markdown-based instructions and configuration.