klaviyo-automation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it retrieves and processes content from Klaviyo campaign messages and SMS bodies which may contain untrusted data.
- Ingestion points: The `KLAVIYO_GET_CAMPAIGN_MESSAGE` tool retrieves message attributes including `content.body` and `content.subject`.
- Capability inventory: The skill has the ability to list campaigns, inspect messages, and monitor send jobs.
- Boundary markers: There are no specific delimiters or instructions provided to the agent to distinguish between tool output and instructions contained within the message content.
- Sanitization: No sanitization or filtering of the retrieved content is performed before the agent processes it.
- [EXTERNAL_DOWNLOADS]: The skill requires the configuration of an external MCP server endpoint at https://rube.app/mcp. While this is the intended mechanism for the skill's functionality, users should be aware that the agent will communicate with this external service to execute tools.