Security Audit
Customer.io Automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
Customer.io Automation received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Arbitrary URL fetching capability in CUSTOMERIO_TRIGGER_BROADCAST.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Arbitrary URL fetching capability in CUSTOMERIO_TRIGGER_BROADCAST | LLM | SKILL.md:40 |

The `CUSTOMERIO_TRIGGER_BROADCAST` tool includes a `data_file_url` parameter, which allows it to fetch user data from an arbitrary URL. If the LLM is prompted to provide a malicious or unvalidated URL, this could lead to Server-Side Request Forgery (SSRF), data exfiltration (if the URL is crafted to include sensitive data in its path/query and points to an attacker-controlled server), or the fetching of malicious content. The underlying system responsible for executing the fetch operation should implement robust URL validation and sandboxing to mitigate these risks.

Recommendation: implement strict URL validation (e.g., allow-listing specific domains or protocols, restricting internal network access) for the `data_file_url` parameter. Ensure robust network egress filtering is in place. Additionally, strengthen the LLM's defenses against prompt injection attempts that could lead to the generation of malicious URLs.
Full report: https://skillshield.io/report/6a74ff90ec35bcc7
Powered by SkillShield