insta
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The documented workflow involves ingesting external runtime data, which establishes an indirect prompt injection surface.
- Ingestion points:
insta logsandinsta eventspull live data from remote cloud services into the agent context as described incli-reference.md. - Boundary markers: There are no instructions defining boundaries or ignore-directives for data originating from logs or events.
- Capability inventory: The agent is provided with instructions for executing impactful commands such as
insta deployandinsta project deleteas listed incli-reference.md. - Sanitization: No validation or sanitization processes are mentioned for external log or event data.
- [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands via the
instaCLI for cloud infrastructure management and includes an auditing tool,insta observe, that installs a hook to monitor agent tool usage.
Audit Metadata