migma
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection due to the ingestion of untrusted data from external websites and files.
  - Ingestion points: `migma projects import <url>` (SKILL.md) and `migma contacts import <file>` (SKILL.md) which pull external content into the agent context.
  - Boundary markers: Absent. The output of these commands is processed as JSON without clear delimiters to prevent instruction hijacking.
  - Capability inventory: `migma send` (network side-effects), `migma export` (data exfiltration to ESPs), and `migma contacts remove` (file/data modification).
  - Sanitization: Absent. There is no evidence that brand voice content or contact data is sanitized before it influences the agent's reasoning.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of `@migma/cli` via npm. This is an unverified external dependency from a non-trusted organization, representing a supply chain risk.
- [DATA_EXFILTRATION] (MEDIUM): The `migma export` command group (klaviyo, mailchimp, hubspot) allows for the movement of sensitive contact and campaign data to external platforms. This capability could be exploited if the agent is manipulated by injected instructions.
- [COMMAND_EXECUTION] (LOW): The skill routinely executes the `migma` binary with parameters derived from user input or imported data, which is a necessary but inherent risk factor.
Recommendations
- AI detected serious security threats