instagram-audience-voice

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements Instagram research workflows using a modular architecture of local Node.js scripts. These scripts perform well-defined tasks like data normalization, ranking, and clustering without using dangerous functions like eval or exec on untrusted input.
  • [SAFE]: Data collection is conducted via a hosted platform (PostPlus Cloud). The communication protocol includes token-based authentication and a quote confirmation system to prevent unexpected billing, representing a high standard of security for cloud-integrated skills.
  • [SAFE]: The media download functionality uses yt-dlp via a safe spawn execution pattern. The tool is a legitimate and widely-used utility for media analysis. URLs passed to the downloader are extracted from Instagram CDN sources during the normalization process.
  • [SAFE]: Sensitive configuration data, such as API tokens, are managed through the standard PostPlus CLI configuration files located in the user's home directory, avoiding hardcoded secrets or insecure storage.
  • [SAFE]: The skill uses strict path boundaries for all local data artifacts, keeping raw datasets and intermediate caches within the .postplus/ directory as specified in the execution contract.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 04:52 PM
Security Audit — agent-trust-hub — instagram-audience-voice