instantly-campaigns
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection within the
generate_campaigns_with_claudefunction inscripts/instantly_create_campaigns.py. - Ingestion points: Untrusted data is ingested from external Google Sheets (via
scripts/read_sheet.py), user-provided command-line arguments such as--client_description, and a local examples file.tmp/instantly_campaign_examples/campaigns.md. - Boundary markers: No delimiters or defensive instructions are used to isolate these variables when they are interpolated into the prompt for the Claude model.
- Capability inventory: The agent has the capability to interact with the Instantly API to create email campaigns and the Anthropic API to generate content.
- Sanitization: The skill does not sanitize or validate the content of the ingested data before prompt interpolation.
- [EXTERNAL_DOWNLOADS]: The script
scripts/read_sheet.pyfetches data from Google Sheets, which is a well-known and trusted service from a recognized organization (Google). This data is used in downstream LLM prompts. - [COMMAND_EXECUTION]: The
SKILL.mdfile contains instructions that involve executing local Python scripts with parameters derived from user-provided strings, which are passed as command-line arguments to the system shell.
Audit Metadata