instagram-hashtag-posts

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses an unsafe pattern for executing scripts: eval "$(python scripts/fetch-hashtag-posts.py '{hashtag}')". Because user-provided input is interpolated directly into a bash command substitution without sanitization, an attacker could craft a hashtag containing shell metacharacters (e.g., test' $(id) ') to execute arbitrary commands on the system.
  • [COMMAND_EXECUTION]: Both scripts/fetch-hashtag-posts.py and scripts/parse-hashtag-response.py utilize dynamic code generation by interpolating variables into JavaScript strings. This generated code is then executed in the browser context, which could lead to unintended script execution if inputs are not strictly validated.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from Instagram (captions and user information) that could contain malicious instructions for the agent.
      • Ingestion points: Data is fetched from Instagram's GraphQL API in scripts/fetch-hashtag-posts.py and read from local files in scripts/parse-hashtag-response.py.
      • Boundary markers: No delimiters or "ignore instructions" warnings are implemented to separate untrusted content from agent instructions.
      • Capability inventory: The agent has access to shell execution, browser navigation, and local file reads.
      • Sanitization: There is no evidence of validation, escaping, or filtering for the scraped content before it is interpolated into the agent's context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 13, 2026, 04:39 AM