instagram-creator-discovery
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes subprocesses to run
ffmpeg,python3 -m yt_dlp, and local Node.js scripts. These tools are invoked to generate fixture videos for the workspace, download media content, and ingest artifacts. The arguments are strictly controlled or derived from validated workspace metadata. - [EXTERNAL_DOWNLOADS]: The script
download_videos_from_manifest_with_ytdlp.mjsfetches video files from remote URLs provided in a manifest. This behavior is central to the skill's media benchmarking and content discovery functionality. - [DATA_EXFILTRATION]: Networking components in
network_runtime.mjsandhosted_collection_bridge.mjsfacilitate communication with PostPlus Cloud infrastructure and official Instagram domains. These connections are used to execute data collection tasks and manage workspace assets. - [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection via processed Instagram content.
- Ingestion points: Untrusted data from Instagram (bios, captions, comments) is ingested into the workspace through hosted collection actors and stored in files such as
instagram-search-raw.json. - Boundary markers: Raw collection results do not employ explicit delimiters or instructions to ignore embedded commands in the processed data.
- Capability inventory: The skill can execute subprocesses (
ffmpeg,yt_dlp), perform network requests to vendor APIs, and perform extensive file system operations viapostplus_workspace_runtime.mjs. - Sanitization: External content is sanitized using
cleanString,safeLower, and regex-based extraction before being used in ranking and summarizing logic, reducing the likelihood of successful manipulation.
Audit Metadata