pipedrive-automation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to connect to a remote MCP server hosted at
https://rube.app/mcp. This is a necessary configuration for the skill's primary function of CRM automation via Composio. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8).
- Ingestion points: The agent ingests untrusted data from the Pipedrive CRM through tools such as
PIPEDRIVE_GET_ALL_NOTES,PIPEDRIVE_SEARCH_PERSONS, andPIPEDRIVE_GET_DETAILS_OF_A_DEAL(referenced in SKILL.md). - Boundary markers: No specific delimiters or instructions are provided to the agent to treat external CRM data as untrusted or to ignore embedded instructions within that data.
- Capability inventory: The agent possesses significant write capabilities, including the ability to modify records (
PIPEDRIVE_UPDATE_A_DEAL), create new entities (PIPEDRIVE_ADD_A_PERSON), and execute CRM workflows. - Sanitization: There is no evidence of client-side sanitization or validation of the data retrieved from the CRM before it is processed by the LLM.
Audit Metadata