acymailing
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the official NPM registry. This is a vendor-owned resource required for the skill to communicate with the Membrane platform. - [COMMAND_EXECUTION]: Uses the
membraneCLI for managing the integration lifecycle, including authentication (membrane login), connection setup (membrane connect), and action execution (membrane action run). These commands are standard for the platform's operation. - [REMOTE_CODE_EXECUTION]: Triggered via the
membrane action runandmembrane action createcommands. These operations execute logic within the Membrane platform's managed environment, which is the intended design for this integration. - [DATA_EXFILTRATION]: Facilitates the transfer of email marketing data between the agent's environment and the AcyMailing service. The skill follows best practices by letting the platform manage credentials server-side, preventing the exposure of API keys in local scripts or prompts.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes data retrieved from AcyMailing (e.g., campaign content, mailing lists).
- Ingestion points: Data enters the context via
membrane action runandmembrane action listwhen fetching records from AcyMailing. - Boundary markers: None are explicitly defined in the instruction set to delimit untrusted data.
- Capability inventory: The skill can execute network and data operations through the
membranetool. - Sanitization: No specific sanitization or filtering of external data is described in the provided markdown instructions.
Audit Metadata