instagram-place-posts
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's primary execution pattern involves the use of `eval "$(python scripts/xxx.py '{param}')"`. This design pattern is risky as it performs shell evaluation on strings that include user-supplied parameters, which could lead to command injection if the agent does not properly escape inputs placed in the placeholders.
- [PROMPT_INJECTION]: The skill processes untrusted user-generated content from Instagram, which may contain malicious instructions designed to influence the agent's behavior (Indirect Prompt Injection).
  - Ingestion points: The script `scripts/get-place-posts.py` fetches post sections from the Instagram API, including the `caption.text` and `username` fields.
  - Boundary markers: No specific boundary markers or instructions to disregard embedded commands are included in `SKILL.md` when processing the accumulated post data.
  - Capability inventory: The environment allows the execution of `bash` and `python` scripts, and provides access to the `browser-act` tool for browser automation.
  - Sanitization: There is no evidence of sanitization or filtering applied to the `caption` text in `scripts/get-place-posts.py` before it is returned to the agent context.
Audit Metadata