mailchimp
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official Membrane CLI (@membranehq/cli) from the NPM registry. This tool is necessary for the skill's functionality and originates from the platform's official package scope.
- [COMMAND_EXECUTION]: Uses the membrane CLI to discover and execute actions within the Mailchimp integration. These commands are part of the intended workflow for interacting with the Membrane platform.
- [CREDENTIALS_UNSAFE]: The skill correctly avoids local storage or handling of sensitive credentials. Instead, it uses a secure browser-based OAuth flow managed by the Membrane platform, ensuring secrets are refreshed and stored server-side.
- [DATA_EXFILTRATION]: Data operations are restricted to the official Mailchimp API through the Membrane connector. There is no evidence of data being sent to unauthorized third-party domains.
- [SAFE]: The skill's primary function—marketing automation—requires processing external data from Mailchimp. While this presents a surface for potential indirect prompt injection (e.g., from campaign content), the skill adheres to standard platform integration patterns designed for this purpose.
Audit Metadata