instantly-install-auth
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a standard setup for API authentication. It correctly instructs the user to store sensitive API keys in a
.envfile rather than hardcoding them into the scripts. - [DATA_EXPOSURE]: The skill interacts with the official Instantly.ai API endpoint (
https://api.instantly.ai/api/v2/). These network operations are consistent with the skill's stated purpose and do not show signs of data exfiltration to unauthorized third parties. - [COMMAND_EXECUTION]: The provided Bash script is used to create a configuration file (
.env) with user-supplied placeholders. This is a routine development task and does not involve privilege escalation or dangerous command injection. - [INDIRECT_PROMPT_INJECTION]: The skill fetches data from the Instantly.ai API during its verification step. While this represents an external data ingestion point, the scripts only perform basic status checks (e.g., checking the length of a list) and do not pass raw API data back into the agent's primary prompt in a way that could influence behavior.
Audit Metadata