brevo-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [No Code] (SAFE): The skill consists entirely of markdown documentation and tool definitions. No scripts, binaries, or executable files are included in the skill package.
- [Indirect Prompt Injection] (LOW): The skill is designed to retrieve and process content from external email campaigns and templates, which serves as a potential attack surface.
- Ingestion points: Data enters the agent context via
BREVO_LIST_EMAIL_CAMPAIGNSandBREVO_GET_ALL_EMAIL_TEMPLATESwhich pull live content from Brevo accounts. - Boundary markers: The provided instructions do not specify any delimiters (e.g., XML tags or triple quotes) to separate retrieved campaign data from agent instructions.
- Capability inventory: The agent has the capability to perform write actions, such as creating or updating email campaigns and templates, which could be abused if the agent follows instructions hidden within a retrieved email.
- Sanitization: No content sanitization or validation steps are mentioned in the workflow for processing external data.
Audit Metadata