pp-instagram
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the agent to install the
instagram-pp-clibinary usingnpxfrom the@mvanhorn/printing-press-libraryNPM package or viago installfrom the vendor's GitHub repository (github.com/mvanhorn/printing-press-library).- [COMMAND_EXECUTION]: The skill requires theBashtool to execute theinstagram-pp-clibinary for retrieving and analyzing Instagram Business metrics.- [DATA_EXFILTRATION]: The CLI tool supports a--deliver webhook:<url>feature that allows the agent to route command outputs (containing potentially sensitive account insights) to arbitrary external URLs. It also includes a feedback mechanism that sends local logs to a remote endpoint ifINSTAGRAM_FEEDBACK_ENDPOINTis configured.- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing and displaying untrusted data from the Instagram Graph API. - Ingestion points: Data ingested includes media captions, user comments, and account biographies (seen in
media listandcomments listcommands). - Boundary markers: The skill does not define specific delimiters or warnings to treat API-returned content as untrusted text.
- Capability inventory: The agent has access to the
Bashtool and the CLI can perform network operations via webhooks and file operations via thedeliversink. - Sanitization: No sanitization or escaping of external content is specified before the data is processed by the agent.
Audit Metadata