instagram-profile-posts

Fail

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's documentation directs the agent to execute shell commands using the 'eval $(python ...)' pattern. This is a severe security risk as it executes the output of a Python script that incorporates unvalidated user input such as the Instagram username. An attacker can provide a payload containing shell metacharacters like semicolons or backticks to execute arbitrary commands on the host machine.
  • [REMOTE_CODE_EXECUTION]: The Python scripts generate JavaScript code by directly interpolating command-line arguments into code templates using f-strings. This lack of sanitization allows for JavaScript injection. When this injected script is executed in the browser context, it can perform unauthorized actions or steal data. Combined with the shell command injection, this provides multiple vectors for arbitrary code execution.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data without validation.
      • Ingestion points: User-provided username, user_id, and cursor variables in SKILL.md and scripts.
      • Boundary markers: None; inputs are directly embedded into shell command templates and JavaScript strings.
      • Capability inventory: Execution of subprocesses via the shell eval command and browser interaction through the fetch API.
      • Sanitization: None; the skill relies on simple string interpolation without any escaping or validation logic.
  • [DATA_EXFILTRATION]: The identified injection flaws can be exploited to exfiltrate sensitive information. Injected JavaScript could steal session cookies or local storage data from the user's browser session. Similarly, injected shell commands could be used to read and transmit sensitive local files such as configuration files or credentials.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Jun 13, 2026, 04:39 AM
Security Audit — agent-trust-hub — instagram-profile-posts