klaviyo-automation

Warn

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to configure https://rube.app/mcp as an MCP server. This third-party endpoint provides the logic for the tools used. Since the provider is not on the trusted organizations list, it constitutes an unverifiable external dependency.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
      • Ingestion points: The tool KLAVIYO_GET_CAMPAIGN_MESSAGE retrieves content.body and content.html from external Klaviyo campaigns.
      • Boundary markers: Absent. The instructions do not specify any delimiters to separate untrusted message content from system instructions.
      • Capability inventory: Limited to read-only operations (listing campaigns, fetching messages, checking send status). No tools for sending emails, modifying campaigns, or executing system commands are provided in this skill.
      • Sanitization: Absent. There is no evidence of filtering or escaping external content before it is processed by the agent.
      • Reasoning: Because the current toolset lacks write or execute capabilities, the threat is restricted to the agent's internal reasoning and local display. The severity would escalate to HIGH if the toolset were expanded to include actions with external side effects (e.g., sending messages).
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 15, 2026, 09:17 PM