laniameda-instagram-carousel-extract

Warn

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: Potential shell command injection via the <POST_URL> variable in the Supadata retrieval command. The URL is interpolated into a curl command run in bash; if the URL contains subshell execution syntax such as $() or backticks, it could allow arbitrary command execution.
  • [PROMPT_INJECTION]: Vulnerability to indirect prompt injection from untrusted external data.
      • Ingestion points: Instagram post captions and text visually transcribed from carousel slides by the browser agent.
      • Boundary markers: Absent. No delimiters or instruction-isolation markers are used for the extracted text.
      • Capability inventory: Execution of shell commands via curl and file-writing operations to the Knowledge Base.
      • Sanitization: Absent. The skill does not validate or sanitize extracted text before use in classification or storage.
  • [EXTERNAL_DOWNLOADS]: Connects to the Supadata API to retrieve post metadata. This is standard functionality for the skill's data ingestion purpose.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 17, 2026, 10:29 AM