postmark-automation
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to add an external MCP server at https://rube.app/mcp. This domain is not identified as a trusted organization or well-known service. Connecting to third-party MCP endpoints allows the remote server to define tools and potentially intercept sensitive data or deliver malicious tool schemas.
- [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection by processing untrusted data (email templates and content) while maintaining high-privilege capabilities.
- Ingestion points: Processes email content (HtmlBody, TextBody) and template variables (TemplateModel) mentioned in SKILL.md.
- Boundary markers: Absent; the instructions do not include delimiters or warnings to ignore embedded commands in the processed data.
- Capability inventory: Includes sensitive tools such as POSTMARK_SEND_BATCH_WITH_TEMPLATES (mass communication) and POSTMARK_EDIT_SERVER (configuration modification).
- Sanitization: No evidence of sanitization or validation for the content being sent through Postmark tools.
Audit Metadata