instagram-campaign-scout
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified. The skill implements standard campaign monitoring functionality within the PostPlus ecosystem.- [COMMAND_EXECUTION]: The skill executes local commands including
ffmpegfor video processing andpython3 -m yt_dlpfor media extraction. It also runs internal Node.js scripts using the system's Node interpreter. These operations are essential to the skill's purpose of media analysis and data management.- [EXTERNAL_DOWNLOADS]: Video content is downloaded from Instagram viayt-dlpbased on campaign manifests. Additionally, the skill communicates with the PostPlus Cloud API for hosted collection tasks. These network operations are authenticated and directed to verified service endpoints.- [PROMPT_INJECTION]: The skill ingests untrusted data from Instagram (captions, hashtags, and comments). While this constitutes an indirect prompt injection surface, the skill employs basic sanitization and normalization routines (e.g.,cleanString,safeLower) and does not possess capabilities that would allow this data to trigger dangerous actions.
Audit Metadata