moosend
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the official Membrane CLI tool from the vendor. Evidence:
npm install -g @membranehq/cliin SKILL.md. This tool is necessary for the platform's authentication and action execution. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
- Ingestion points: The skill fetches data (campaigns, subscribers, lists) from Moosend using
membrane action runandmembrane requestas seen in SKILL.md. - Boundary markers: No explicit boundary markers or 'ignore' instructions are present to protect against instructions embedded in Moosend data.
- Capability inventory: The skill can execute various actions, including creating resources and sending email campaigns, using the
membranetool as specified in SKILL.md. - Sanitization: There is no evidence of sanitization or validation of the data received from Moosend before it is utilized by the agent.
Audit Metadata