brevo
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Categories reviewed: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses curl to perform HTTP requests to the Brevo API and jq to process the JSON responses; both are standard utilities for API interaction.
- [EXTERNAL_DOWNLOADS]: Fetches data from and sends data to api.brevo.com. Brevo is a well-known service provider, and the skill connects to its official endpoints.
- [DATA_EXFILTRATION]: Uses a BREVO_TOKEN environment variable for authentication. The instructions correctly advise users to export this key rather than hardcode it, in line with standard secret-management practice.
- [PROMPT_INJECTION]: The skill handles user-supplied data such as email content, contact names, and contact attributes, which presents a surface for indirect prompt injection.
  - Ingestion points: contact attributes and email parameters processed in SKILL.md.
  - Boundary markers: no explicit delimiters or instructions separate user data from commands.
  - Capability inventory: shell command execution via curl, and file-system writes to /tmp/brevo_request.json.
  - Sanitization: the skill does not define sanitization steps for user-provided strings before they are incorporated into API request payloads, so a value containing a double quote or other JSON syntax can change the structure of the request body instead of being sent as plain data.
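The following is an added example, written for this audit page and not code from the brevo skill or from Brevo. It models in Python the pattern the findings above describe: a contact field interpolated into a JSON body, written to a file, and handed to curl. It shows why the missing sanitization matters (a crafted first name adds a top-level key to the request), the serializer-based construction that closes that hole, a private temporary file in place of the fixed /tmp/brevo_request.json path, and the token read from BREVO_TOKEN. The /v3/contacts endpoint, the field names and the sample input are assumptions; the curl command is only printed, so the example runs offline.

```python
"""Safe vs. unsafe construction of a Brevo API request body (added example)."""
import json
import os
import shlex
import tempfile

# Constructed sample input (assumption): a "first name" that is really an
# injection string. It closes the attributes object and appends a new key.
MALICIOUS_NAME = 'Alice"}, "listIds": [999], "x": {"y": "'


def unsafe_payload(email: str, first_name: str) -> str:
    """Body built by string interpolation, the pattern the audit flags.

    A quote inside either field ends the JSON string early, so the caller
    can add or override keys (here listIds) that the skill never intended."""
    return ('{"email": "%s", "attributes": {"FIRSTNAME": "%s"}}'
            % (email, first_name))


def safe_payload(email: str, first_name: str) -> str:
    """Body built by a JSON serializer: every value is quoted and escaped,
    so user content can never become structure."""
    return json.dumps({"email": email, "attributes": {"FIRSTNAME": first_name}})


def injected_keys(payload: str) -> list:
    """Top-level keys in the body beyond the two the caller meant to send."""
    return sorted(set(json.loads(payload)) - {"email", "attributes"})


def first_name_of(payload: str) -> str:
    """The FIRSTNAME value as the API would parse it."""
    return json.loads(payload)["attributes"]["FIRSTNAME"]


def write_payload_file(payload: str) -> str:
    """Write the body to a fresh mode-0600 file instead of the fixed
    /tmp/brevo_request.json: a predictable name in a world-writable
    directory can be pre-created or symlinked by another local user."""
    fd, path = tempfile.mkstemp(prefix="brevo_request_", suffix=".json")
    with os.fdopen(fd, "w") as fh:
        fh.write(payload)
    return path


def payload_file_is_private(path: str) -> bool:
    """True when only the owner can read or write the payload file."""
    return (os.stat(path).st_mode & 0o777) == 0o600


def load_token() -> str:
    """Read the API key from the environment, as the skill's instructions
    advise; fail loudly rather than sending an empty api-key header."""
    token = os.environ.get("BREVO_TOKEN", "")
    if not token:
        raise RuntimeError("BREVO_TOKEN is not set")
    return token


def curl_argv(payload_path: str, token: str) -> list:
    """The curl invocation the skill would run (endpoint is an assumption).
    Returned as an argv list, not a shell string, so nothing re-parses it.
    Note: a token in -H is visible to other local users via ps."""
    return [
        "curl", "--fail", "--silent", "--show-error",
        "-X", "POST", "https://api.brevo.com/v3/contacts",
        "-H", "accept: application/json",
        "-H", "content-type: application/json",
        "-H", "api-key: " + token,
        "--data", "@" + payload_path,
    ]


if __name__ == "__main__":
    email = "alice@example.test"
    print("unsafe body adds keys:", injected_keys(unsafe_payload(email, MALICIOUS_NAME)))
    print("safe body adds keys:  ", injected_keys(safe_payload(email, MALICIOUS_NAME)))
    path = write_payload_file(safe_payload(email, MALICIOUS_NAME))
    print("payload at", path, "private:", payload_file_is_private(path))
    # Print the command with the token masked instead of executing it.
    print(" ".join(shlex.quote(a) for a in curl_argv(path, "<BREVO_TOKEN>")))
    os.unlink(path)
```

The shell equivalent of safe_payload is to build the body with jq (for example `jq -n --arg name "$NAME" '{attributes: {FIRSTNAME: $name}}'`) rather than with printf or echo, and to pass it to curl with `--data @file` so the value never goes through a second round of shell quoting.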
Audit Metadata