pp-instagram

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent to install the instagram-pp-cli binary using npx from the @mvanhorn/printing-press-library NPM package or via go install from the vendor's GitHub repository (github.com/mvanhorn/printing-press-library).- [COMMAND_EXECUTION]: The skill requires the Bash tool to execute the instagram-pp-cli binary for retrieving and analyzing Instagram Business metrics.- [DATA_EXFILTRATION]: The CLI tool supports a --deliver webhook:<url> feature that allows the agent to route command outputs (containing potentially sensitive account insights) to arbitrary external URLs. It also includes a feedback mechanism that sends local logs to a remote endpoint if INSTAGRAM_FEEDBACK_ENDPOINT is configured.- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing and displaying untrusted data from the Instagram Graph API.
  • Ingestion points: Data ingested includes media captions, user comments, and account biographies (seen in media list and comments list commands).
  • Boundary markers: The skill does not define specific delimiters or warnings to treat API-returned content as untrusted text.
  • Capability inventory: The agent has access to the Bash tool and the CLI can perform network operations via webhooks and file operations via the deliver sink.
  • Sanitization: No sanitization or escaping of external content is specified before the data is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 07:25 AM
Security Audit — agent-trust-hub — pp-instagram