Brevo Automation

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a straightforward Brevo automation helper, with one deletion-related caution users should handle carefully.

Install only if you want an agent to help manage Brevo assets through your connected account. Before allowing deletions, ask the agent to list or fetch the exact template, confirm the template ID/name, and proceed only after an explicit user confirmation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly documents `BREVO_DELETE_EMAIL_TEMPLATE` as part of a normal workflow but provides no safety guidance such as requiring explicit user confirmation, checking template status, or warning about destructive effects. In an agentic setting, this increases the risk of accidental or unauthorized deletion of marketing assets, especially because deletion is presented alongside routine create/update operations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal