customer-segmentation

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or security violations were identified during the analysis of the skill's instructions, SQL queries, or TypeScript code snippets.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill facilitates the transfer of customer information to external marketing platforms, which is its primary intended purpose.
      • The syncSegmentToKlaviyo function in SKILL.md targets the official Klaviyo API (a.klaviyo.com) using secure environment variable handling (process.env.KLAVIYO_PRIVATE_KEY) for authentication.
      • The exportSuppressionListForMeta function implements SHA-256 hashing for email addresses using the Node.js crypto module, adhering to privacy standards for third-party audience matching.
  • [INDIRECT_PROMPT_INJECTION]: The skill provides an interface for processing untrusted customer data from databases.
      • Ingestion points include the customers and orders tables mentioned in the SQL and TypeScript snippets.
      • The skill has capabilities to read these records and transmit them to external APIs via network requests.
      • While the provided snippets do not show explicit input sanitization, the logic follows standard data-piping patterns for marketing synchronization rather than risky LLM prompt interpolation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 11:30 AM