Mailchimp Automation
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data and interpolates it into templates without sufficient protection.
- Ingestion points: The skill processes untrusted data from audience lists, campaign content, and automation triggers, including user-provided fields such as
subject_line,preview_text,from_name, and template variables like{{first_name}}and{{product_name}}defined inSKILL.md. - Boundary markers: No delimiters or 'ignore embedded instructions' warnings are implemented to protect the agent when interpolating external data into email templates or campaign settings.
- Capability inventory: The skill utilizes
email-mcptools (mailchimp_campaign,mailchimp_audience,mailchimp_automation,mailchimp_reports) to interact with the Mailchimp API, allowing it to create, configure, and send email campaigns and manage subscriber data based on the ingested content. - Sanitization: There is no evidence of sanitization, validation, or filtering of external input fields before they are processed or used in generated email content.
Audit Metadata