insta-master
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions in
SKILL.mdfor thepost-check.pyhelper script interpolate user-provided Instagram captions directly into a shell command:python3 <insta-master-dir>/scripts/post-check.py "<legenda completa>". This creates a surface for indirect prompt injection or command injection if the agent does not properly escape shell-sensitive characters like backticks or quotes within the user's content. - Ingestion points: User-supplied Instagram captions (
legenda) processed viaSKILL.mdandreferences/checklist-publicacao.md. - Boundary markers: The command template uses double quotes (
"") to wrap the input, which is a weak boundary that can be escaped. - Capability inventory: The agent is instructed to execute local Python scripts via the
python3command. - Sanitization: There are no explicit instructions or scripts provided to sanitize or escape shell metacharacters in the input before execution.
Audit Metadata