brevo-automation
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to add an external MCP server endpoint (
https://rube.app/mcp) to their client configuration. This service provides the logic and execution environment for the tools used to interact with Brevo. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data from an external platform and possesses tools capable of modifying that platform's state.
- Ingestion points: The tools
BREVO_LIST_EMAIL_CAMPAIGNSandBREVO_GET_ALL_EMAIL_TEMPLATESretrieve content from the Brevo account which may contain instructions intended to manipulate the agent. - Boundary markers: Absent. The instructions do not define delimiters or provide specific guidance for the agent to treat data from these tools as potentially untrusted content.
- Capability inventory: The skill includes powerful write-access tools such as
BREVO_UPDATE_EMAIL_CAMPAIGN,BREVO_CREATE_OR_UPDATE_EMAIL_TEMPLATE, andBREVO_DELETE_EMAIL_TEMPLATEwhich could be abused if the agent is successfully injected. - Sanitization: Absent. There is no requirement or logic provided for the agent to sanitize or validate the content retrieved from Brevo before it is used in subsequent operations.
Audit Metadata