Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it retrieves and processes untrusted data from external sources (Instagram).
- Ingestion points: Untrusted data enters the agent context through tools such as
instagram_list_comments,instagram_get_conversation_messages, andinstagram_get_message(SKILL.md). - Boundary markers: There are no instructions requiring the use of delimiters or specific warnings to ignore instructions embedded within the retrieved comments or messages.
- Capability inventory: The skill includes tools that can modify the state of the account based on agent decisions, such as
instagram_delete_comment,instagram_hide_comment,instagram_send_message, andinstagram_publish_media(SKILL.md). - Sanitization: There is no mention of sanitizing or validating the content of comments or messages before the agent processes them, which could lead the agent to follow malicious instructions hidden in user content.
Audit Metadata