mandrill
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the `@membranehq/cli` global package from the npm registry. This is a legitimate tool provided by the vendor to facilitate the integration.
- [COMMAND_EXECUTION]: The skill utilizes the `membrane` CLI for several operations, including user authentication (`membrane login`), connection management (`membrane connect`), and executing API actions (`membrane action run`). These commands are necessary for the skill's primary function and are performed through the vendor's official tool.
- [PROMPT_INJECTION]: The skill processes data fetched from Mandrill (such as email content and templates), which introduces a surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent context through the outputs of `membrane action run` and `membrane request` in `SKILL.md`.
  - Boundary markers: Absent. No specific delimiters or instructions are provided to the agent to distinguish between its instructions and the data being processed.
  - Capability inventory: The agent has the ability to execute shell commands via the `membrane` CLI as documented in `SKILL.md`.
  - Sanitization: No sanitization or validation steps are defined for the incoming Mandrill data.
Audit Metadata