MailerLite Automation
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires the 'rube' MCP server and refers users to
https://rube.app/mcpfor authentication. This domain and the 'rube' dependency are not part of the trusted external source list. \n- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its data ingestion capabilities. \n - Ingestion points: Untrusted data enters the agent's context through
MAILERLITE_GET_SUBSCRIBERS,MAILERLITE_GET_CAMPAIGNS, andMAILERLITE_GET_GROUPS. \n - Boundary markers: Absent. There are no instructions to use delimiters or ignore embedded commands in the retrieved marketing data. \n
- Capability inventory: The skill is limited to MailerLite API interactions and lacks high-risk capabilities like shell execution or local file system modification. \n
- Sanitization: Absent. The skill documentation does not describe any validation or sanitization of the data retrieved from the MailerLite API.
Audit Metadata