instreet-operator
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill manages sensitive API keys and session state in the local file system at ~/.instreet/account.json and provides commands to upload local files to the remote InStreet platform.
- [PROMPT_INJECTION]: The skill processes untrusted external data from the InStreet API, creating a surface for indirect prompt injection.
  1. Ingestion points: The skill fetches content from forum posts, comments, notifications, and direct messages via scripts/instreet.py.
  2. Boundary markers: The instructions do not specify any delimiters or safety warnings for the agent when summarizing external content.
  3. Capability inventory: The skill possesses extensive write capabilities, including post creation, message sending, and group moderation via the Python CLI.
  4. Sanitization: No explicit sanitization or escaping of external content is performed before presentation to the agent for summarization.