instagram-creator-discovery

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill performs creator discovery and research by communicating with the vendor's hosted API (PostPlus Cloud) at established endpoints.
  • [EXTERNAL_DOWNLOADS]: Includes a dedicated script (download_videos_from_manifest_with_ytdlp.mjs) to download Instagram videos using the well-known and trusted yt-dlp tool.
  • [COMMAND_EXECUTION]: Executes yt-dlp (via python3 -m yt_dlp) to facilitate video downloads. External process calls use spawn with argument arrays, which is a secure practice to prevent shell injection.
  • [SAFE]: Implements a robust configuration system for managing vendor-specific session tokens and settings in standard system locations (e.g., ~/Library/Application Support/postplus).
  • [SAFE]: Includes a billing safety mechanism ("Quote Confirmation") that requires explicit user approval before performing high-cost hosted collection operations.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 07:52 PM