convertkit-automation

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the ConvertKit API.
      - Ingestion points: Untrusted subscriber information and broadcast performance statistics are ingested into the agent context through tools such as KIT_LIST_SUBSCRIBERS and KIT_GET_BROADCAST_STATS.
      - Boundary markers: None identified; the skill does not include instructions to the agent to treat retrieved data as potentially malicious or to apply delimiters.
      - Capability inventory: The skill has the ability to perform destructive operations, specifically KIT_DELETE_SUBSCRIBER and KIT_DELETE_BROADCAST.
      - Sanitization: No sanitization, validation, or escaping logic is defined for the data retrieved from ConvertKit.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to configure a remote MCP server endpoint at https://rube.app/mcp, which is an external resource not included in the trusted vendors list.
  • [NO_CODE]: The skill consists exclusively of markdown documentation and tool definitions (SKILL.md) and does not contain any executable scripts or binary files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 09:34 AM