sendgrid-automation
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability surface. 1. Ingestion points: Data entering the system through
SENDGRID_IMPORT_CONTACTS(CSV processing) andSENDGRID_FILTER_ALL_MESSAGES(email activity logs). 2. Boundary markers: Absent. There are no instructions provided to the agent to treat external contact data or log content as untrusted or to ignore embedded instructions. 3. Capability inventory: The skill possesses high-impact capabilities including mass email dispatch viaSENDGRID_CREATE_SINGLE_SEND, contact deletion, and sender identity modification. 4. Sanitization: Absent. No mention of data validation or escaping is included in the instructions. - [EXTERNAL_DOWNLOADS]: The skill requires the manual addition of an external MCP server endpoint (
https://rube.app/mcp) to the agent's configuration to function. - [DATA_EXFILTRATION]: The skill manages highly sensitive PII, including email addresses, phone numbers, and physical addresses. It also provides tools for exporting this data externally via the
SENDGRID_REQUEST_CSVandSENDGRID_DOWNLOAD_CSVtools.
Audit Metadata