convertkit-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- External Downloads (LOW): The skill requires adding https://rube.app/mcp as an MCP server. This domain is not part of the trusted organization or repository list provided in the security guidelines.
- Data Exposure & Exfiltration (LOW): The skill is designed to manage subscriber data, which involves handling PII (email addresses). This is the intended primary purpose of the marketing automation skill.
- Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection via the following:
  - Ingestion points: Subscriber emails and broadcast data entering the context via KIT_LIST_SUBSCRIBERS and KIT_LIST_BROADCASTS (SKILL.md).
  - Boundary markers: None present to delimit data from instructions.
  - Capability inventory: Subprocess-like tool calls for subscriber deletion (KIT_DELETE_SUBSCRIBER) and tagging (KIT_TAG_SUBSCRIBER).
  - Sanitization: No validation or sanitization is specified for retrieved data before use in downstream logic.
Audit Metadata