mailersend-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to fetch and follow tool schemas and execution plans directly from an external service. Ingestion points: Responses from 'https://rube.app/mcp'. Boundary markers: None. Capability inventory: 'RUBE_MULTI_EXECUTE_TOOL' and 'RUBE_REMOTE_WORKBENCH' allow for execution of various tasks based on the ingested content. Sanitization: None identified.
- [Credentials Unsafe] (HIGH): Authentication for Mailersend is handled through the 'rube.app' service via 'RUBE_MANAGE_CONNECTIONS'. This delegates control of sensitive API access to a third-party service that is not on the trusted sources list.
- [Remote Code Execution] (HIGH): The presence of 'RUBE_REMOTE_WORKBENCH' suggests that the skill can trigger logic execution on remote infrastructure controlled by the service provider.
- [External Downloads] (MEDIUM): The skill's setup instructions require adding 'https://rube.app/mcp' as a remote MCP server, which is an external dependency from an unverified source.
- [Data Exfiltration] (MEDIUM): By routing all Mailersend operations through an intermediary service, there is a risk that sensitive email content or contact data could be captured or exposed by the third-party provider.
Recommendations
- AI detected serious security threats