keyapi-instagram-user-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches Instagram user-generated content from the KeyAPI MCP server (Server URL: https://mcp.keyapi.ai/instagram/mcp in SKILL.md) and scripts/run.js calls and parses those tool responses (posts, followers, stories, similar accounts) and uses that data to drive pagination, follow-up tool calls, caching, and image-conversion steps—so untrusted third-party content is read and can materially influence agent behavior.