outlook-automation
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to configure an external MCP server endpoint at 'https://rube.app/mcp'. This domain is not identified as a trusted organization or well-known service in the provided list, and it does not match the vendor resource patterns for 'sickn33'.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its interaction with Microsoft Outlook data.
- Ingestion points: Content is retrieved from external emails using the OUTLOOK_GET_MESSAGE and OUTLOOK_SEARCH_MESSAGES tools defined in SKILL.md.
- Boundary markers: No delimiters or instructions to ignore embedded commands are specified for processing email bodies.
- Capability inventory: The agent is granted permissions to read, search, and modify sensitive emails, contacts, and calendar entries.
- Sanitization: No sanitization or validation of the external email content is implemented to prevent the agent from acting on malicious instructions embedded in message bodies.
Audit Metadata