instantly-webhooks-events

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements logic to ingest and process untrusted data from external Instantly.ai webhook payloads (e.g., email reply text, lead metadata). This creates an attack surface for indirect prompt injection where malicious content embedded in an outreach event could attempt to influence the agent or downstream systems.
    • Ingestion Point: req.body in the webhook event handler in SKILL.md.
    • Boundary Markers: The provided code templates do not include delimiters or specific instructions to the agent to treat the payload data as untrusted content.
    • Capability Inventory: The skill enables the agent to interact with CRM clients, Slack notifications, and the Instantly API using data derived from the untrusted payloads.
    • Sanitization: The implementation uses basic string slicing for logging and notifications, but does not provide robust validation or sanitization against embedded instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 4, 2026, 05:48 PM