klaviyo-automation
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected in the skill instructions.
- [EXTERNAL_DOWNLOADS]: The skill references an external MCP server endpoint (https://rube.app/mcp) required for its core functionality. This is a configuration step for the agent environment and does not involve direct script execution or untrusted downloads.
- [PROMPT_INJECTION]: The skill processes data from the Klaviyo API (such as campaign content and messages), which represents a surface for indirect prompt injection. However, the skill's functionality is restricted to read and monitoring operations, and no malicious instructions were found in the skill itself.
- [DATA_EXFILTRATION]: No unauthorized data exfiltration patterns were identified. The skill facilitates authorized access to marketing data through established connection management tools (RUBE_MANAGE_CONNECTIONS).
Audit Metadata