instagram-creator-discovery

Warn

Audited by Snyk on May 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly runs hosted collection actors (e.g., instagram-search-scraper, instagram-post-scraper, instagram-hashtag-scraper, instagram-comment-scraper) via run_instagram_actor to fetch public Instagram posts, Reels, comments and hashtags (see SKILL.md workflow steps and actor-selection.md), and those untrusted, user-generated contents are parsed and used to extract candidates and drive ranking/enrichment decisions—exposing the agent to indirect prompt-injection risk.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 17, 2026, 07:44 AM
Issues
1
Security Audit — snyk — instagram-creator-discovery