convertkit-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes data from the Kit API that could contain hidden instructions (indirect prompt injection) which may influence the agent's behavior.
- Ingestion points: Untrusted data enters the agent context through tools like KIT_LIST_SUBSCRIBERS (subscriber metadata) and KIT_GET_BROADCAST (email content).
- Boundary markers: The instructions do not specify any boundary markers or delimiters to help the agent distinguish between data and system instructions.
- Capability inventory: The skill includes tools with destructive capabilities, such as KIT_DELETE_SUBSCRIBER and KIT_DELETE_BROADCAST.
- Sanitization: There is no mention of sanitizing or validating the ingested content before it is processed by the agent.
Audit Metadata