pipedrive-automation
Audited by Socket on Feb 27, 2026
1 alert found:
Anomaly
This skill is functionally coherent with its stated purpose (automating Pipedrive via an MCP-managed pipedrive toolkit). There is no embedded download-and-execute behavior, hardcoded secrets, obfuscated code, or direct evidence of backdoors in the provided text. The principal security concern is architectural: the skill requires and directs users to route Pipedrive OAuth flows and API calls through a third-party MCP (rube.app). That brokered flow means tokens, requests, and CRM data will transit or be stored by the MCP — a legitimate functional choice but a material trust and data-exposure decision. Recommend reviewers confirm the MCP operator's trustworthiness, review where tokens are stored and what scopes are granted, and prefer direct API integrations or explicit minimal-scope OAuth if data confidentiality is required.