convertkit-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires connecting to an external MCP server endpoint (https://rube.app/mcp). While this is the intended mechanism for the tool's functionality, it is a dependency on a third-party domain not included in the trusted sources list.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from external sources (subscriber lists and broadcast content) via tools like KIT_LIST_SUBSCRIBERS. Adversarial content within email broadcasts or subscriber metadata could potentially influence agent behavior.
  - Ingestion points: Subscriber data and broadcast content retrieved from the Kit API via tools like KIT_LIST_SUBSCRIBERS and KIT_GET_BROADCAST.
  - Boundary markers: None provided in the skill documentation to delimit untrusted data from instructions.
  - Capability inventory: Includes potentially destructive actions such as KIT_DELETE_SUBSCRIBER and KIT_DELETE_BROADCAST.
  - Sanitization: No specific sanitization or validation logic is defined for processing the content of email broadcasts.
- [DATA_EXPOSURE] (SAFE): The skill manages subscriber PII (email addresses). This is the core purpose of the skill, and the data is handled via an authenticated MCP connection (RUBE_MANAGE_CONNECTIONS) rather than being exfiltrated without authorization.