mailchimp-automation
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the user to add
https://rube.app/mcpas an MCP server. This endpoint provides the tool definitions and operational logic, representing a dependency on a third-party service outside of the trusted vendor list. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its campaign content management tools. 1. Ingestion points: Untrusted HTML content is accepted via the
MAILCHIMP_SET_CAMPAIGN_CONTENTtool inSKILL.md. 2. Boundary markers: The skill does not implement delimiters or 'ignore previous instructions' markers when handling the campaign HTML. 3. Capability inventory: The skill has high-privilege capabilities including sending mass emails (MAILCHIMP_SEND_CAMPAIGN) and updating subscriber records (MAILCHIMP_ADD_OR_UPDATE_LIST_MEMBER). 4. Sanitization: There is no evidence of sanitization or validation of the HTML content before it is interpolated into the workflow.
Audit Metadata