mailcoach
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the management of email marketing data by executing the
mailcoachCLI tool. It supports a wide range of operations including managing email lists, subscribers, campaigns, and transactional emails. - [DATA_EXPOSURE]: Documentation correctly identifies that authentication tokens and instance URLs are stored locally in
~/.mailcoach/config.json. This is standard behavior for CLI tools, and the skill does not include instructions to read or transmit this file's contents to unauthorized third parties. - [EXTERNAL_DOWNLOADS]: The skill assumes the
mailcoachCLI is pre-installed and does not attempt to download or execute external scripts or binaries during runtime. - [PROMPT_INJECTION]: No malicious patterns or instructions designed to bypass agent safety filters or override system prompts were detected. Instructions focus solely on the technical use of the CLI.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a vulnerability surface as it processes external data such as subscriber CSV files and HTML templates for campaigns.
- Ingestion points: External data enters the context via CSV imports (
mailcoach create-subscriber-import) and HTML content updates (mailcoach update-campaign). - Boundary markers: The instructions do not define specific delimiters or warnings to ignore embedded instructions in the processed data.
- Capability inventory: The skill uses subprocess calls to the
mailcoachCLI, which performs network operations to the user's Mailcoach instance. - Sanitization: There is no mention of sanitization for the HTML or CSV content within the skill's instructions.
Audit Metadata