Security Audit
postmark-automation
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
postmark-automation received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Potential Data Exfiltration via Malicious Webhook URLs, Broad Server Configuration Control via `POSTMARK_EDIT_SERVER`, Unpinned Dependency on Rube MCP.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Data Exfiltration via Malicious Webhook URLs.** The `POSTMARK_EDIT_SERVER` tool, described in the skill, allows configuring `BounceHookUrl` and `InboundHookUrl`. If an attacker can manipulate the LLM to set these URLs to an endpoint they control, sensitive email bounce notifications and inbound email content could be exfiltrated. This is a direct mechanism for data leakage if the LLM does not strictly validate user-provided URLs. **Recommendation:** Implement strict validation and whitelisting for `BounceHookUrl` and `InboundHookUrl` parameters when calling `POSTMARK_EDIT_SERVER`. Do not allow arbitrary URLs from untrusted user input. Ensure the LLM is explicitly instructed to only use pre-approved or securely validated endpoints for webhooks. | LLM | SKILL.md:176 |
| HIGH | **Unpinned Dependency on Rube MCP.** The skill's manifest specifies a dependency on `rube` from the `mcp` ecosystem as `{"mcp": ["rube"]}`. This dependency is not version-pinned, meaning the skill will always fetch the latest version of `rube`. This introduces a supply chain risk, as updates to `rube` could introduce breaking changes, vulnerabilities, or malicious code without explicit review or consent, potentially impacting the skill's security and stability. **Recommendation:** Pin the `rube` dependency to a specific, known-good version (e.g., `{"mcp": ["rube@1.2.3"]}`) to ensure deterministic behavior and mitigate risks from unreviewed updates. Regularly review and update pinned dependencies to maintain security and compatibility. | LLM | Manifest (frontmatter JSON):1 |
| MEDIUM | **Broad Server Configuration Control via `POSTMARK_EDIT_SERVER`.** The `POSTMARK_EDIT_SERVER` tool provides extensive control over Postmark server settings, including `SmtpApiActivated`, `BounceHookUrl`, `InboundHookUrl`, `TrackOpens`, and `TrackLinks`. This broad access allows for significant changes to the email sending infrastructure, which could be misused to disable security features, redirect data, or disrupt service if the LLM is not carefully constrained in its use of this tool. **Recommendation:** Restrict the LLM's ability to modify critical server settings via `POSTMARK_EDIT_SERVER` without explicit user confirmation or whitelisted values. Implement granular access control for specific parameters if possible, limiting the LLM's ability to change sensitive configurations. | LLM | SKILL.md:171 |