Skills
skills/jeremylongshore/claude-code-plugins-plus/instantly-migration-deep-dive/Gen Agent Trust Hub

instantly-migration-deep-dive

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill's migration logic involves processing raw email credentials (SMTP and IMAP passwords). While the code demonstrates sending these to the Instantly.ai API, the execution context maintains access to these secrets, increasing the risk of exposure if the environment is compromised.
  • [COMMAND_EXECUTION]: The skill configuration requests high-privilege tool access, specifically Bash(npm:*) and Bash(curl:*), which allows for arbitrary package installation and network operations beyond the scope of migration.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the processing of external CSV files.
  • Ingestion points: The importLeadsFromCSV function in SKILL.md reads untrusted data from local file paths using readFileSync.
  • Boundary markers: None. The script iterates through CSV records and maps them directly to API request bodies without using delimiters or protective instructions.
  • Capability inventory: The skill possesses file read capabilities (fs.readFileSync) and network write capabilities (client.request) within SKILL.md.
  • Sanitization: No validation or escaping is performed on the data imported from the CSV columns before it is transmitted to the external API.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 05:45 PM