skills/jeremylongshore/claude-code-plugins-plus-skills/instantly-performance-tuning/Gen Agent Trust Hub
instantly-performance-tuning
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data from the Instantly API, creating a surface for indirect prompt injection.\n
- Ingestion points: External data is ingested through the
instantlyClient.batchGetmethod and user-defined fetcher functions mentioned inSKILL.md.\n - Boundary markers: The provided code snippets do not include explicit boundary markers or instructions to ignore embedded commands in the API responses.\n
- Capability inventory: The skill is granted
Read,Write, andEditpermissions.\n - Sanitization: There is no evidence of data sanitization or validation logic for the content retrieved from the external API.\n- [SAFE]: The skill follows security best practices by using environment variables (INSTANTLY_API_KEY, REDIS_URL) instead of hardcoding secrets.\n- [SAFE]: External library references point to well-known and trusted open-source repositories and official documentation.
Audit Metadata