sequenzy-email-marketing
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local
sequenzyCLI to perform email marketing tasks. The execution patterns described are consistent with standard administrative operations for an email service. - [DATA_EXFILTRATION]: Network activity is restricted to legitimate service domains (
api.sequenzy.com,sequenzy.com). The skill correctly instructs the use of environment variables for sensitive API keys rather than hardcoding credentials. - [EXTERNAL_DOWNLOADS]: No external scripts, remote payloads, or unverified third-party dependencies are downloaded or executed by the skill.
- [PROMPT_INJECTION]: The instructions do not contain patterns intended to bypass AI safety guardrails or override core agent behavior.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user data from various sources, presenting a potential surface for indirect injection.
- Ingestion points: Files and strings passed to parameters such as
--html-file,--blocks-file,--emails-file, and--filter-jsoninreferences/command-reference.mdandreferences/use-cases.md. - Boundary markers: The skill includes explicit instructions in
SKILL.mdto "Validate IDs, recipient email, subject, template, or content input before issuing a mutation." - Capability inventory: Subprocess calls via the
sequenzyCLI and network requests to the Sequenzy API for creating/sending emails. - Sanitization: The skill advises that generated content is draft material and must be reviewed by the user before deployment.
Audit Metadata