mailcoach

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the membrane CLI to execute commands such as 'membrane action run' and 'membrane request' to interact with the Mailcoach API.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent or user to install the @membranehq/cli package from the official NPM registry, which is an expected vendor resource.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing data from an external Mailcoach account.
      • Ingestion points: Responses from Mailcoach API actions and proxy requests containing user-controlled email lists, campaigns, and templates.
      • Boundary markers: There are no explicit instructions or delimiters provided to the agent to distinguish between its instructions and the data retrieved from Mailcoach.
      • Capability inventory: The skill provides the agent with the ability to execute shell commands via the membrane CLI.
      • Sanitization: No data sanitization or validation steps are defined for the information ingested from the external service.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 21, 2026, 04:39 PM