email-marketing-automation
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Communicates with the Klaviyo API (a.klaviyo.com) and utilizes standard packages like klaviyo-api and bullmq for its core functionality. These are well-known and trusted resources for the e-commerce domain.
- [DATA_EXFILTRATION]: Securely manages API credentials by utilizing environment variables (KLAVIYO_PRIVATE_KEY) rather than hardcoded secrets, ensuring sensitive keys are not exposed in the codebase.
- [PROMPT_INJECTION]: The skill manages a data ingestion surface for customer event data to trigger marketing flows.
  - Ingestion points: Customer profile data and event properties from Shopify, WooCommerce, and custom webhooks (SKILL.md).
  - Boundary markers: No specific boundary markers or 'ignore embedded instructions' prompts are implemented in the code stubs.
  - Capability inventory: Authenticated network requests to the Klaviyo Events API.
  - Sanitization: Input validation is intended to be managed by the source platforms or the final implementation logic.