pipedrive-automation
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process data from the Pipedrive CRM, which could contain adversarial instructions (Indirect Prompt Injection) embedded in fields like person names, deal titles, or activity notes.
- Ingestion points: The skill retrieves untrusted data from CRM records via tools such as
PIPEDRIVE_SEARCH_PERSONS,PIPEDRIVE_SEARCH_ORGANIZATIONS, andPIPEDRIVE_GET_DETAILS_OF_A_DEALas described inSKILL.md. - Boundary markers: There are no instructions to use delimiters or ignore embedded commands when processing retrieved CRM data.
- Capability inventory: The skill enables broad capabilities including creating and updating deals (
PIPEDRIVE_ADD_A_DEAL), modifying contacts, and scheduling activities. - Sanitization: The skill does not define methods for sanitizing or validating the content retrieved from Pipedrive before the agent acts upon it.
- [SAFE]: No obfuscation, hardcoded credentials, or persistence mechanisms were detected in the skill content.
- [EXTERNAL_DOWNLOADS]: The skill provides a configuration URL (
https://rube.app/mcp) for users to set up an MCP server. This is a manual prerequisite for the user and does not involve automated downloads or runtime execution of remote scripts by the agent.
Audit Metadata