instagram-hashtag-posts
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses an unsafe pattern for executing scripts: `eval "$(python scripts/fetch-hashtag-posts.py '{hashtag}')"`. Because user-provided input is interpolated directly into a bash command substitution without sanitization, an attacker could craft a hashtag containing shell metacharacters (e.g., `test' $(id) '`) to execute arbitrary commands on the system.
- [COMMAND_EXECUTION]: Both `scripts/fetch-hashtag-posts.py` and `scripts/parse-hashtag-response.py` utilize dynamic code generation by interpolating variables into JavaScript strings. This generated code is then executed in the browser context, which could lead to unintended script execution if inputs are not strictly validated.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from Instagram (captions and user information) that could contain malicious instructions for the agent.
  - Ingestion points: Data is fetched from Instagram's GraphQL API in `scripts/fetch-hashtag-posts.py` and read from local files in `scripts/parse-hashtag-response.py`.
  - Boundary markers: No delimiters or "ignore instructions" warnings are implemented to separate untrusted content from agent instructions.
  - Capability inventory: The agent has access to shell execution, browser navigation, and local file reads.
  - Sanitization: There is no evidence of validation, escaping, or filtering for the scraped content before it is interpolated into the agent's context.
Audit Metadata