activecampaign
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from ActiveCampaign (e.g., contact fields, deal notes) which could contain malicious instructions designed to influence agent behavior.
- Ingestion points: Untrusted data enters the context via
activecampaign contacts list,activecampaign contacts get, andactivecampaign deals listoperations. - Boundary markers: The instructions do not define clear delimiters or include 'ignore embedded instructions' warnings for the data being processed.
- Capability inventory: The skill possesses capabilities to modify external state, including
activecampaign contacts sync,activecampaign deals create, andactivecampaign automations add-contact. - Sanitization: There is no evidence of sanitization, validation, or escaping of retrieved CRM content before it is processed by the AI agent.
- [COMMAND_EXECUTION]: The skill requires the installation of a binary named
activecampaignand instructs the agent to execute shell commands using this binary to interact with the CRM API.
Audit Metadata