Contentful Automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill creates a surface for indirect attacks by processing external content from Contentful.
- Ingestion points: Space names and metadata are retrieved via
CONTENTFUL_LIST_SPACESandCONTENTFUL_GET_SPACE(SKILL.md). - Boundary markers: No delimiters or explicit instructions are provided to the agent to treat CMS metadata as untrusted data rather than instructions.
- Capability inventory: The skill has write access via
CONTENTFUL_UPDATE_SPACE, which allows the agent to modify CMS state based on potentially poisoned input. - Sanitization: There is no evidence of input validation or sanitization for the data retrieved from the CMS.
- External Dependency (LOW): The skill requires the configuration of an external MCP server located at
https://rube.app/mcp. While this is the intended infrastructure, it constitutes a dependency on an external, non-whitelisted domain.
Audit Metadata