brevo-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill directs users to connect to an external MCP server at https://rube.app/mcp. While this is standard for its functionality, the domain is not included in the trusted source list.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted email campaign and template data from Brevo. 1. Ingestion points: BREVO_LIST_EMAIL_CAMPAIGNS and BREVO_GET_ALL_EMAIL_TEMPLATES. 2. Boundary markers: Absent in prompt instructions. 3. Capability inventory: Update and creation tools for campaigns and templates. 4. Sanitization: Not specified in the skill body.
- [Prompt Injection] (SAFE): No instructions were found that attempt to override the agent's system prompt or bypass safety guardrails.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or unauthorized data access patterns detected; authentication is handled via the RUBE_MANAGE_CONNECTIONS tool.
Audit Metadata