klaviyo-developer

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected.
  • [DATA_EXFILTRATION]: The skill includes utility scripts that communicate with the Klaviyo API and user-defined webhooks. The test-webhook tool in scripts/dev_tools.py validates URLs to prevent Server-Side Request Forgery (SSRF) against internal or cloud metadata services.
  • [COMMAND_EXECUTION]: The provided Python utilities manage data transfer and CSV export. These scripts use safety wrappers for file path resolution to prevent directory traversal.
  • [PROMPT_INJECTION]: The skill's primary function involves processing external data from the Klaviyo API. Mandatory Evidence Chain:
      1. Ingestion points: scripts/klaviyo_client.py and scripts/dev_tools.py via API fetch calls.
      2. Boundary markers: Absent.
      3. Capability inventory: Network requests (Klaviyo API) and File writes (CSV export).
      4. Sanitization: Basic JSON/CSV formatting.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 01:53 PM