instagram-hashtag-posts
Warn
Audited by Snyk on Jun 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill navigates to Instagram’s hashtag search page and then runs
eval "$(python scripts/fetch-hashtag-posts.py '{hashtag}')"which executes browser JS that POSTs to Instagram’s GraphQL endpoint and ingests the returned JSON (outsider-authored public web content fetched at runtime) into the agent’s context via the tool output.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata