one-drive-automation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from an external filesystem.
- Ingestion points: Metadata and file content ingested via `ONE_DRIVE_SEARCH_ITEMS`, `ONE_DRIVE_GET_ITEM`, and `ONE_DRIVE_ONEDRIVE_LIST_ITEMS`.
- Boundary markers: None identified. There are no explicit instructions for the agent to ignore or delimit instructions found within file names or content.
- Capability inventory: Significant capabilities including permission management (`ONE_DRIVE_INVITE_USER_TO_DRIVE_ITEM`), file deletion (`ONE_DRIVE_DELETE_ITEM`), and data transfer (`ONE_DRIVE_ONEDRIVE_UPLOAD_FILE`, `ONE_DRIVE_COPY_ITEM`).
- Sanitization: No evidence of sanitization or validation of the retrieved file metadata or content before it enters the agent's context.
- [EXTERNAL_DOWNLOADS]: The skill requires the configuration of an external MCP server at `https://rube.app/mcp`. While this is the intended service for the skill's functionality, it introduces a dependency on a non-standard, third-party endpoint.
Audit Metadata