outlook-automation
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to add an external MCP server endpoint (
https://rube.app/mcp). This is a community-provided infrastructure that acts as a proxy between the agent and Microsoft Graph APIs. - [DATA_EXFILTRATION]: The skill is designed to read, search, and manage sensitive communications and personal data, including email bodies, attachments, and contact lists. This data is processed through the third-party
rube.appservice, which represents a significant trust requirement as the service handles the OAuth tokens and data flow. - [PROMPT_INJECTION]: The skill provides tools to ingest untrusted data from external sources, specifically through
OUTLOOK_GET_MESSAGEandOUTLOOK_DOWNLOAD_OUTLOOK_ATTACHMENT. This creates a surface for indirect prompt injection, where an attacker could send a malicious email containing instructions designed to hijack the agent's session. The skill lacks boundary markers or sanitization logic to mitigate this risk.
Audit Metadata