actblue
Warn
Audited by Snyk on Mar 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs the agent to fetch and proxy arbitrary ActBlue API endpoints (e.g., via "membrane request CONNECTION_ID /path/to/endpoint") and to list/run actions that return third-party API responses, meaning it will ingest untrusted, public ActBlue content as part of its workflow.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). This skill integrates directly with ActBlue, a payment/fundraising gateway, and exposes Membrane actions and a proxy to the ActBlue API. It lists domain-specific objects (Contribution Form, Recurring Contribution Series, User) and documents calling actions and sending HTTP requests (including POST/JSON bodies) to ActBlue endpoints via Membrane. That is a specific payment platform integration (not a generic tool) and therefore enables sending transactions/creating donations — i.e., direct financial execution.
Audit Metadata