instagram-tools

Warn

Audited by Snyk on May 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md workflows invoke "hosted profile/post/comment run" (via run_hosted_collection/hosted_collection_bridge) to collect public Instagram posts/comments (user-generated) which are then normalized, clustered, and ranked as part of the agent workflow, and the included download_videos_from_manifest_with_ytdlp.mjs explicitly downloads arbitrary item.sourceUrl web videos from a manifest—demonstrating ingestion of untrusted third‑party content that can influence subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime requests to PostPlus hosted endpoints (e.g. ${apiBaseUrl}/api/postplus-cli/hosted/capability and ${apiBaseUrl}/api/postplus-cli/hosted/collection) whose JSON error payloads can include an "agentAction" / quoteConfirmation that directly instructs agents which commands to run, and the skill requires the hosted bridge (apiBaseUrl) for hosted capability/collection runs—so remote content can control prompts/instructions at runtime.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 20, 2026, 08:48 PM
Issues
2
Security Audit — snyk — instagram-tools