activecampaign-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill directs users to add a third-party MCP server from https://rube.app/mcp. This domain is not listed in the trusted external sources, and adding unverified MCP endpoints allows remote execution of tool definitions and potential data access that cannot be statically verified.
- [PROMPT_INJECTION] (LOW): The skill exhibits vulnerability to Indirect Prompt Injection (Category 8) due to its data processing flow. 1. Ingestion points: Untrusted data enters the agent context via ACTIVE_CAMPAIGN_FIND_CONTACT, which retrieves user-controlled fields like names and descriptions. 2. Boundary markers: Absent; there are no instructions to delimit or ignore instructions within the retrieved data. 3. Capability inventory: The skill has write-access capabilities including ACTIVE_CAMPAIGN_CREATE_CONTACT_TASK and ACTIVE_CAMPAIGN_ADD_CONTACT_TO_AUTOMATION. 4. Sanitization: Absent; no validation or escaping is performed on contact data before it is used in subsequent operations.
Audit Metadata