instagram-audience-voice
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements Instagram research workflows using a modular architecture of local Node.js scripts. These scripts perform well-defined tasks like data normalization, ranking, and clustering without using dangerous functions like
evalorexecon untrusted input. - [SAFE]: Data collection is conducted via a hosted platform (PostPlus Cloud). The communication protocol includes token-based authentication and a quote confirmation system to prevent unexpected billing, representing a high standard of security for cloud-integrated skills.
- [SAFE]: The media download functionality uses
yt-dlpvia a safespawnexecution pattern. The tool is a legitimate and widely-used utility for media analysis. URLs passed to the downloader are extracted from Instagram CDN sources during the normalization process. - [SAFE]: Sensitive configuration data, such as API tokens, are managed through the standard PostPlus CLI configuration files located in the user's home directory, avoiding hardcoded secrets or insecure storage.
- [SAFE]: The skill uses strict path boundaries for all local data artifacts, keeping raw datasets and intermediate caches within the
.postplus/directory as specified in the execution contract.
Audit Metadata