instagram-place-posts

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary execution pattern involves the use of eval "$(python scripts/xxx.py '{param}')". This design pattern is risky as it performs shell evaluation on strings that include user-supplied parameters, which could lead to command injection if the agent does not properly escape inputs placed in the placeholders.
  • [PROMPT_INJECTION]: The skill processes untrusted user-generated content from Instagram, which may contain malicious instructions designed to influence the agent's behavior (Indirect Prompt Injection).
  • Ingestion points: The script scripts/get-place-posts.py fetches post sections from the Instagram API, including the caption.text and username fields.
  • Boundary markers: No specific boundary markers or instructions to disregard embedded commands are included in SKILL.md when processing the accumulated post data.
  • Capability inventory: The environment allows the execution of bash and python scripts, and provides access to the browser-act tool for browser automation.
  • Sanitization: There is no evidence of sanitization or filtering applied to the caption text in scripts/get-place-posts.py before it is returned to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 04:39 AM
Security Audit — agent-trust-hub — instagram-place-posts