Skills
skills/gkwa/volcanicviper/instagram-to-imgur/Gen Agent Trust Hub

instagram-to-imgur

Pass

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses command-line tools including uvx, curl, mktemp, and file.
  • [EXTERNAL_DOWNLOADS]: Fetches the yt-dlp package from a Python registry and downloads image assets from Instagram's content delivery networks.
  • [REMOTE_CODE_EXECUTION]: Uses uvx to download and execute yt-dlp dynamically.
  • [PROMPT_INJECTION]: The ingestion of data from Instagram and Imgur APIs introduces a surface for indirect prompt injection.
  • Ingestion points: Instagram URLs, yt-dlp output, and JSON from the Imgur API.
  • Boundary markers: No delimiters are present to isolate external content from the agent's instructions.
  • Capability inventory: The skill can execute shell commands and make network requests.
  • Sanitization: External data is not sanitized or escaped before being processed.
Audit Metadata
Risk Level
SAFE
Analyzed
May 28, 2026, 04:31 AM
Security Audit — agent-trust-hub — instagram-to-imgur