emailoctopus
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the NPM registry. This is the official command-line interface for the Membrane platform, provided by the skill author, and is required for the integration to function. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI tool to perform various operations, including searching for, creating, and running actions. These operations are the primary mechanism for interacting with the Emailoctopus API through the Membrane platform. - [DATA_EXFILTRATION]: The skill follows security best practices by instructing the agent to never ask the user for API keys or tokens. Instead, it utilizes Membrane connections to manage the authentication lifecycle server-side, preventing local exposure of sensitive credentials.
- [PROMPT_INJECTION]: As the skill retrieves and processes external data from Emailoctopus (such as contact details and campaign reports), it possesses an indirect prompt injection surface. If marketing data contains malicious instructions, they could potentially influence the agent's behavior during processing, which is a common risk factor for data-integration skills.
Audit Metadata