instantly-debug-bundle
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with the Instantly.ai API (api.instantly.ai) to retrieve diagnostic data. This network activity is necessary for the skill's primary function of generating debug reports.
- [COMMAND_EXECUTION]: Shell commands are utilized via curl and jq to fetch account diagnostics and campaign metadata directly from the Instantly.ai v2 API.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) by ingesting and processing data from external API responses.
- Ingestion points: Diagnostic data is fetched from various api.instantly.ai endpoints, including campaign names, error logs, and webhook configurations.
- Boundary markers: None; the ingested content is aggregated and displayed without specific delimiters or warnings to ignore embedded instructions.
- Capability inventory: The skill has permissions to write to the local filesystem and execute shell commands.
- Sanitization: No validation or sanitization of the retrieved API data is performed before it is written to the debug output.
Audit Metadata