The Agent Skills Directory

[SAFE]: The skill was analyzed for malicious patterns, obfuscation, and safety bypass attempts across all 10 threat categories. No security risks or malicious instructions were identified.
[EXTERNAL_DOWNLOADS]: The skill relies on a well-known external dependency for its functionality.
Evidence: The installation instructions in SKILL.md specify installing the requests library via pip install requests.
[COMMAND_EXECUTION]: The skill provides Python scripts that execute network requests to interface with a third-party service.
Evidence: scripts/send_mailing.py, scripts/send_batch.py, and scripts/test_connection.py utilize the requests library to perform HTTP POST and GET operations to the Poplar API.
[DATA_EXFILTRATION]: Recipient data is transmitted to an external service provider for the purpose of mail fulfillment.
Evidence: Scripts construct and send JSON payloads containing names and addresses to https://api.heypoplar.com/v1/mailing.
Context: This is the intended and primary function of the skill, and the domain heypoplar.com is the official service endpoint.
[PROMPT_INJECTION]: The skill exhibits a surface for indirect injection via data ingestion, though it is consistent with standard tool behavior.
Ingestion points: scripts/send_batch.py reads recipient information and merge tags from a user-provided CSV file.
Boundary markers: None; CSV data is mapped directly into JSON payload structures.
Capability inventory: The skill can make network requests to the Poplar API and print status information to the console.
Sanitization: Inputs are stripped of whitespace but no deep content validation or sanitization of potential injection strings is performed.

poplar-direct-mail