pp-klaviyo
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the klaviyo-pp-cli tool, which is fetched from the author's GitHub repository (github.com/mvanhorn/printing-press-library) and an installer package from npm (@mvanhorn/printing-press).
- [COMMAND_EXECUTION]: The skill's primary function is to execute shell commands using the klaviyo-pp-cli binary to interact with the Klaviyo API and perform local data processing.
- [DATA_EXFILTRATION]: The CLI includes a --deliver webhook:<url> feature that allows the agent to send command outputs to a user-specified HTTP endpoint. While it is a documented integration feature, it provides a functional surface for data transfer to remote servers.
- [PROMPT_INJECTION]: The skill ingests data from external API responses (Klaviyo profiles/events) and local files (HTML templates, growth briefs). This data is processed by the agent to perform tasks such as image swapping or strategy generation, which constitutes a surface for indirect prompt injection.
- Ingestion points: Klaviyo API responses (profiles, campaigns, flows), local HTML files, and markdown growth briefs.
- Boundary markers: None explicitly defined in the instructions to separate untrusted data from agent instructions.
- Capability inventory: The skill can execute shell commands, write to local files, and POST data to webhooks.
- Sanitization: No explicit sanitization or validation of the ingested external content is mentioned.
Audit Metadata