mailchimp-automation
Warn
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the user to add an external MCP server endpoint (https://rube.app/mcp). This remote service provides the tool definitions and execution logic, making the agent's core functionality dependent on untrusted third-party infrastructure.
- [DATA_EXFILTRATION]: Sensitive marketing data, including subscriber email addresses (PII), audience lists, and campaign performance metrics, is transmitted through the rube.app intermediary. The claim that "No API keys needed" suggests that the service manages authentication, which could result in the storage or exposure of sensitive access tokens on the third-party server.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data.
  - Ingestion points: Subscriber data and campaign reports are fetched via MAILCHIMP_LIST_MEMBERS_INFO and MAILCHIMP_GET_CAMPAIGN_REPORT.
  - Boundary markers: No delimiters or instructions are provided to the agent to ignore potentially malicious content embedded in the retrieved data.
  - Capability inventory: The skill has powerful capabilities, including creating and sending email campaigns (MAILCHIMP_SEND_CAMPAIGN), which could be abused if an attacker can influence the agent's instructions through data injection.
  - Sanitization: No sanitization or validation of the HTML content provided to MAILCHIMP_SET_CAMPAIGN_CONTENT is performed, allowing for the potential injection of malicious scripts or formatting.
Audit Metadata