klaviyo
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Communicates with the official Klaviyo API at https://a.klaviyo.com to manage marketing profiles, lists, and events.
- [COMMAND_EXECUTION]: Uses the curl utility to perform HTTP requests and executes a vendor-specific tool 'zero' for connectivity diagnostics.
- [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: Marketing data such as email addresses, names, and event properties processed via SKILL.md.
- Boundary markers: Absent; the skill interpolates data directly into JSON templates without explicit delimiters.
- Capability inventory: Network access via curl and file-write access to the /tmp directory for staging request bodies.
- Sanitization: No validation or sanitization of input data is defined before its inclusion in API payloads.
Audit Metadata