pp-klaviyo

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the klaviyo-pp-cli tool, which is fetched from the author's GitHub repository (github.com/mvanhorn/printing-press-library) and an installer package from npm (@mvanhorn/printing-press).
  • [COMMAND_EXECUTION]: The skill's primary function is to execute shell commands using the klaviyo-pp-cli binary to interact with the Klaviyo API and perform local data processing.
  • [DATA_EXFILTRATION]: The CLI includes a --deliver webhook:<url> feature that allows the agent to send command outputs to a user-specified HTTP endpoint. While a documented feature for integration, it provides a functional surface for data transfer to remote servers.
  • [PROMPT_INJECTION]: The skill ingests data from external API responses (Klaviyo profiles/events) and local files (HTML templates, growth briefs). This data is processed by the agent to perform tasks like image swapping or strategy generation, which constitutes a surface for indirect prompt injection.
  • Ingestion points: Klaviyo API responses (profiles, campaigns, flows), local HTML files, and markdown growth briefs.
  • Boundary markers: None explicitly defined in the instructions to separate untrusted data from agent instructions.
  • Capability inventory: The skill can execute shell commands, write to local files, and POST data to webhooks.
  • Sanitization: No explicit sanitization or validation of the ingested external content is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 03:23 AM
Security Audit — agent-trust-hub — pp-klaviyo