mailcoach
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the mailcoach CLI to perform various email marketing tasks, including campaign management, subscriber updates, and list retrieval.
- [DATA_EXFILTRATION]: Provides the capability to read local files using the @ prefix for CSV imports and email attachments, which is an intended functional feature of the Mailcoach CLI.
- [CREDENTIALS_UNSAFE]: Identifies the sensitive configuration file path ~/.mailcoach/config.json where the CLI stores API tokens and instance URLs.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified. 1. Ingestion points: External data enters the context through Mailcoach API responses (e.g., campaign content, subscriber fields) and local CSV file imports. 2. Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are provided. 3. Capability inventory: The skill has the capability to execute shell commands via the mailcoach CLI. 4. Sanitization: There is no documentation of sanitization or validation for data retrieved from external or local sources before processing.
Audit Metadata