zoho-crm-automation
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to add 'https://rube.app/mcp' as an MCP server. This is an external endpoint provided by a third party not included in the trusted vendors list.
- [DATA_EXFILTRATION]: Using the rube.app service as a proxy for Zoho CRM operations involves transmitting sensitive business data—such as leads, contacts, and financial deals—to an external infrastructure, which may lead to unauthorized data exposure.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from CRM modules that may contain attacker-controlled content.
- Ingestion points: CRM data retrieved through tools like 'ZOHO_SEARCH_ZOHO_RECORDS' and 'ZOHO_GET_ZOHO_RECORDS'.
- Boundary markers: The skill does not define delimiters or provide instructions to the agent to ignore potentially malicious content within CRM records.
- Capability inventory: The skill possesses significant write capabilities, including 'ZOHO_CREATE_ZOHO_RECORD', 'ZOHO_UPDATE_ZOHO_RECORD', and 'ZOHO_CONVERT_ZOHO_LEAD', which could be abused if an injection occurs.
- Sanitization: No sanitization or validation mechanisms are implemented for the data ingested from external CRM modules.
Audit Metadata