convertkit-automation

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
PROMPT_INJECTION | EXTERNAL_DOWNLOADS | NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources (Kit subscriber and broadcast data) and possesses impactful capabilities.
      • Ingestion points: Subscriber data retrieved via KIT_LIST_SUBSCRIBERS and broadcast content via KIT_LIST_BROADCASTS as described in SKILL.md.
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands are defined for processing external data.
      • Capability inventory: The skill uses tools with side effects, including KIT_DELETE_SUBSCRIBER, KIT_DELETE_BROADCAST, and KIT_TAG_SUBSCRIBER.
      • Sanitization: There is no evidence of data sanitization or validation before using external content in the agent's context.
  • [EXTERNAL_DOWNLOADS]: The skill requires connection to an external MCP server endpoint at https://rube.app/mcp to function.
  • [NO_CODE]: The skill consists entirely of markdown instructions and does not include any scripts or executable files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 07:55 AM