mailerlite
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from npm. This package is an official resource provided by the vendor (Membrane) for platform integration and is considered a safe dependency.- [COMMAND_EXECUTION]: The skill utilizes themembranecommand-line interface to interact with the Mailerlite API. These commands are part of the intended functionality and handle authentication securely through the vendor's infrastructure.- [PROMPT_INJECTION]: The skill facilitates processing data from the Mailerlite API, creating a surface for potential indirect prompt injection. This is a common characteristic of data integration skills and not a specific security flaw in the instructions themselves. Ingestion points: Data from Mailerlite API responses viamembrane action runandmembrane request. Boundary markers: None identified in the current instructions. Capability inventory: The agent can execute shell commands via themembraneCLI. Sanitization: No explicit sanitization of external API content is documented in the skill instructions.
Audit Metadata