instagram-post-comments

Fail

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The instructions in SKILL.md use the pattern eval "$(python scripts/xxx.py '{param}')". This pattern is highly susceptible to shell command injection if the {shortcode} or {media_id} parameters contain shell metacharacters such as backticks or subshells (e.g., $(command) or ; command ;).
  • [REMOTE_CODE_EXECUTION]: The Python scripts scripts/get-media-id.py and scripts/get-post-comments.py generate JavaScript code by directly interpolating command-line arguments into string templates using f-strings. This allows an attacker to inject arbitrary JavaScript code that will be executed in the browser context when the output is evaluated.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8):
      • Ingestion points: Fetches external content (comment text and usernames) from the Instagram API via scripts/get-post-comments.py.
      • Boundary markers: None; the external content is processed and returned directly to the agent's context without delimiters or safety warnings.
      • Capability inventory: The skill has access to shell execution (eval / bash) and browser network operations (fetch).
      • Sanitization: No validation or escaping is performed on the data retrieved from the Instagram API before it is handled by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Jun 13, 2026, 04:38 AM
Security Audit — agent-trust-hub — instagram-post-comments