moosend
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the official CLI tool '@membranehq/cli' from the npm registry, which is the expected tool for interacting with the Membrane platform.
- [DATA_EXFILTRATION]: The skill manages email marketing data through the Membrane platform. It correctly advises users to let the platform handle authentication and credentials server-side, minimizing the risk of local credential exposure.
- [PROMPT_INJECTION]: The skill is subject to potential indirect prompt injection because it retrieves and processes external data from Moosend APIs (such as campaign content or subscriber details) which could contain malicious instructions.
- Ingestion points: Moosend data retrieved via 'membrane action run' in SKILL.md
- Boundary markers: Absent
- Capability inventory: Execution of actions and creation of new actions via the 'membrane' CLI tool in SKILL.md
- Sanitization: Not explicitly implemented in the skill instructions
Audit Metadata