migma
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
migmaCLI to perform all tasks, including email generation, delivery, and audience management. This is the intended operation of the tool. - [EXTERNAL_DOWNLOADS]: The skill installs the
@migma/cliNode.js package from the official npm registry. This package is maintained by the vendor (migmaai). - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its data ingestion capabilities.
- Ingestion points: Data enters the agent context through
migma projects import <url>(SKILL.md),migma contacts import <file>(SKILL.md), and by reusing previous email contexts via the--referenceflag inmigma generate(SKILL.md). - Boundary markers: No specific delimiters or instructions (e.g., XML tags or 'ignore embedded instructions' markers) are used when interpolating external content into generation prompts.
- Capability inventory: The skill has the ability to send emails to external recipients (
migma send), manage webhooks (migma webhooks create), and configure sending domains (migma domains managed create). - Sanitization: There is no evidence of sanitization or validation for content fetched from external URLs or local files before it is processed by the AI.
Audit Metadata