Skills
skills/aaaaqwq/agi-super-skills/klaviyo-automation/Gen Agent Trust Hub

klaviyo-automation

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the user to configure an external MCP server at https://rube.app/mcp to access the Klaviyo tools. This domain is not on the established trusted list.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external campaign messages.
  • Ingestion points: The KLAVIYO_GET_CAMPAIGN_MESSAGE tool retrieves potentially untrusted data from email and SMS bodies (content.body, content.subject).
  • Boundary markers: No delimiters or specific instructions are provided to the agent to treat the retrieved campaign content as untrusted data or to ignore embedded instructions.
  • Capability inventory: The skill has the capability to manage authentication and connections via RUBE_MANAGE_CONNECTIONS.
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the retrieved campaign content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 07:56 AM