Skills
skills/sickn33/antigravity-awesome-skills/brevo-automation/Snyk

brevo-automation

Warn

Audited by Snyk on Feb 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The skill's required workflows for updating campaigns and creating/updating templates explicitly accept an htmlUrl parameter (see "Key parameters for update" and "Key parameters for create/update" in SKILL.md), which requires fetching and ingesting arbitrary HTML from external URLs into the agent's workflow, exposing it to untrusted third‑party content that could influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires connecting to the Rube MCP endpoint https://rube.app/mcp and calling RUBE_SEARCH_TOOLS at runtime to fetch tool schemas that determine agent instructions/behavior, so this remote URL is a required runtime source that can directly control prompts.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 27, 2026, 09:34 AM