activecampaign-automation
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFENO_CODEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill serves as a configuration and workflow guide for ActiveCampaign CRM automation. No malicious logic, persistence mechanisms, or unauthorized credential-harvesting patterns were identified.
- [NO_CODE]: The skill consists entirely of a Markdown file and does not include any accompanying Python, JavaScript, or shell scripts, eliminating the risk of direct malicious code execution.
- [EXTERNAL_DOWNLOADS]: The setup instructions reference the Rube MCP endpoint (https://rube.app/mcp) as the tool discovery source. This is a standard procedure for using the Rube/Composio platform and is documented as the legitimate service endpoint.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes contact data (emails, notes, and task titles) from an external CRM. 1. Ingestion points: ACTIVE_CAMPAIGN_FIND_CONTACT 2. Boundary markers: None 3. Capability inventory: ACTIVE_CAMPAIGN_CREATE_CONTACT, ACTIVE_CAMPAIGN_MANAGE_CONTACT_TAG, ACTIVE_CAMPAIGN_MANAGE_LIST_SUBSCRIPTION, ACTIVE_CAMPAIGN_CREATE_CONTACT_TASK 4. Sanitization: None documented. This risk is inherent to the integration's purpose and is mitigated by the structured tool sequence.
Audit Metadata