postmark-automation
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to configure the endpoint https://rube.app/mcp as an MCP server. This is a legitimate resource belonging to the vendor infrastructure.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it retrieves and processes email templates and server metadata that could contain malicious instructions. Ingestion points: External data is ingested through tools like POSTMARK_GET_TEMPLATE, POSTMARK_LIST_TEMPLATES, and POSTMARK_GET_SERVER. Boundary markers: The instructions lack delimiters or explicit warnings to the agent to disregard instructions found within processed data. Capability inventory: The skill allows the agent to perform sensitive operations including sending batch emails (POSTMARK_SEND_BATCH_WITH_TEMPLATES), modifying templates (POSTMARK_EDIT_TEMPLATE), and altering server configurations (POSTMARK_EDIT_SERVER). Sanitization: There is no evidence of sanitization or validation protocols for the content retrieved from the Postmark API before agent processing.
Audit Metadata