klaviyo-automation
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs users to add an external MCP server from 'https://rube.app/mcp'. This domain is not part of the trusted organization or repository list. Since this server provides the tool definitions and handles authentication for the Klaviyo account, a compromised or malicious server could intercept credentials or execute unauthorized actions.
- [PROMPT_INJECTION] (LOW): Vulnerable to Indirect Prompt Injection due to processing untrusted data from Klaviyo campaigns. Ingestion points: The
KLAVIYO_GET_CAMPAIGN_MESSAGEtool retrieves campaign content includingcontent.bodyandcontent.subject(SKILL.md). Boundary markers: None are defined to separate ingested campaign content from system instructions. Capability inventory: The skill has capabilities to read campaigns, messages, tags, and send jobs via theklaviyotoolkit. Sanitization: There is no mention of sanitizing or escaping the retrieved campaign content before the agent processes it.
Audit Metadata