instantly-enterprise-rbac
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_&_EXFILTRATION]: The skill accesses sensitive information such as API keys and workspace member emails. This behavior is required for its stated administrative purpose and is performed using standard API calls to the service provider. No unauthorized data exfiltration was observed.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from the Instantly API, creating a potential surface for indirect prompt injection.
- Ingestion points: Data is retrieved from the
/workspace-members,/api-keys, and/audit-logsendpoints (SKILL.md). - Boundary markers: No explicit delimiters or boundary instructions are present in the code snippets.
- Capability inventory: The skill possesses network access via its client and is authorized to use
Bashtools. - Sanitization: The provided examples log API data directly to the console without demonstrated sanitization.
Audit Metadata