mailersend
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends installing the official Membrane CLI package (@membranehq/cli) from the npm registry to manage Mailersend resources. This is a trusted vendor resource for this skill.
- [COMMAND_EXECUTION]: Uses the membrane CLI to execute actions and manage connections, which is the standard operational workflow for Membrane-integrated skills.
- [PROMPT_INJECTION]: Identified a surface for indirect prompt injection from processed Mailersend data. (1) Ingestion point: Mailersend API responses (e.g., email content, recipient info) via membrane action run. (2) Boundary markers: None explicitly mentioned in the instructions. (3) Capability inventory: Subprocess execution via membrane CLI. (4) Sanitization: Relies on platform-level argument handling and LLM-level safety guardrails. This is assessed as a low-risk surface inherent to integration tasks.
- [SAFE]: The skill follows security best practices by instructing the agent to never ask for credentials and instead rely on server-side authentication provided by the platform. No malicious instructions, obfuscation, or unauthorized exfiltration patterns were detected.
Audit Metadata