Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/instantly-performance-tuning/Gen Agent Trust Hub

instantly-performance-tuning

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external API responses and webhooks without explicit boundary markers or sanitization.
  • Ingestion points: Data fetched from https://api.instantly.ai/api/v1/lead/get and webhook payloads handled in handleInstantlyWebhook enter the agent's context.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present when handling external data.
  • Capability inventory: The skill utilizes fetch for network operations and possesses Write and Edit permissions for the local file system.
  • Sanitization: The implementation lacks logic to validate or sanitize content received from the Instantly API before it is processed or potentially stored.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 05:56 PM