activecampaign-automation

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs users to add an external MCP server endpoint (https://rube.app/mcp). This is the intended infrastructure for the skill's operation and is documented neutrally as it is a core functional requirement.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests data from external contact records that could be controlled by third parties.
      • Ingestion points: Contact data is retrieved via the ACTIVE_CAMPAIGN_FIND_CONTACT tool as described in SKILL.md.
      • Boundary markers: The skill instructions do not define any delimiters or system-level warnings to ignore embedded instructions within the CRM data.
      • Capability inventory: The skill possesses write capabilities including creating contacts (ACTIVE_CAMPAIGN_CREATE_CONTACT), managing subscriptions, and creating tasks (ACTIVE_CAMPAIGN_CREATE_CONTACT_TASK).
      • Sanitization: No evidence of sanitization, filtering, or validation of the retrieved CRM data before it enters the agent's context is provided.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 07:55 AM