instagram-creator-discovery

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes subprocesses to run ffmpeg, python3 -m yt_dlp, and local Node.js scripts. These tools are invoked to generate fixture videos for the workspace, download media content, and ingest artifacts. The arguments are strictly controlled or derived from validated workspace metadata.
  • [EXTERNAL_DOWNLOADS]: The script download_videos_from_manifest_with_ytdlp.mjs fetches video files from remote URLs provided in a manifest. This behavior is central to the skill's media benchmarking and content discovery functionality.
  • [DATA_EXFILTRATION]: Networking components in network_runtime.mjs and hosted_collection_bridge.mjs facilitate communication with PostPlus Cloud infrastructure and official Instagram domains. These connections are used to execute data collection tasks and manage workspace assets.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection via processed Instagram content.
  • Ingestion points: Untrusted data from Instagram (bios, captions, comments) is ingested into the workspace through hosted collection actors and stored in files such as instagram-search-raw.json.
  • Boundary markers: Raw collection results do not employ explicit delimiters or instructions to ignore embedded commands in the processed data.
  • Capability inventory: The skill can execute subprocesses (ffmpeg, yt_dlp), perform network requests to vendor APIs, and perform extensive file system operations via postplus_workspace_runtime.mjs.
  • Sanitization: External content is sanitized using cleanString, safeLower, and regex-based extraction before being used in ranking and summarizing logic, reducing the likelihood of successful manipulation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 07:44 AM
Security Audit — agent-trust-hub — instagram-creator-discovery