instagram-post-comments
Fail
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The instructions in `SKILL.md` use the pattern `eval "$(python scripts/xxx.py '{param}')"`. This pattern is highly susceptible to shell command injection if the `{shortcode}` or `{media_id}` parameters contain shell metacharacters such as backticks or subshells (e.g., `$(command)` or `; command ;`).
- [REMOTE_CODE_EXECUTION]: The Python scripts `scripts/get-media-id.py` and `scripts/get-post-comments.py` generate JavaScript code by directly interpolating command-line arguments into string templates using f-strings. This allows an attacker to inject arbitrary JavaScript code that will be executed in the browser context when the output is evaluated.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8):
  - Ingestion points: Fetches external content (comment text and usernames) from the Instagram API via `scripts/get-post-comments.py`.
  - Boundary markers: None; the external content is processed and returned directly to the agent's context without delimiters or safety warnings.
  - Capability inventory: The skill has access to shell execution (`eval`/`bash`) and browser network operations (`fetch`).
  - Sanitization: No validation or escaping is performed on the data retrieved from the Instagram API before it is handled by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata