activecampaign-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses an attack surface for indirect prompt injection via data processed from ActiveCampaign.
- Ingestion points: Contact data (names, emails, organization) retrieved via
ACTIVE_CAMPAIGN_FIND_CONTACT. - Boundary markers: Absent; no instructions to ignore embedded commands in CRM data.
- Capability inventory: The skill can create contacts, modify tags, manage list subscriptions, and enroll contacts in automations via the MCP toolset.
- Sanitization: None specified for the data retrieved from external API responses.
- External Downloads (LOW): The skill directs users to add
https://rube.app/mcpas an MCP server. While this is the primary purpose of the skill, it introduces a dependency on an external, non-whitelisted third-party service.
Audit Metadata