moosend-automation

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill fetches data from Moosend and has tool execution capabilities, creating a potential path for malicious instructions embedded in external Moosend data (like email content or subscriber fields) to influence agent behavior.
  • Ingestion points: Data retrieved from the Moosend API through the Rube MCP toolkit.
  • Boundary markers: Absent; instructions do not specify delimiters to isolate external content.
  • Capability inventory: Subprocess-equivalent tool execution via RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH.
  • Sanitization: Absent; the skill relies on the agent to interpret raw tool outputs.
  • [SAFE]: The skill utilizes official integrations and endpoints from Composio (rube.app and composio.dev), which are well-known services in the AI automation space. No hardcoded credentials or malicious persistence mechanisms were detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 01:38 PM
Security Audit — agent-trust-hub — moosend-automation