instagram-tools
Warn
Audited by Snyk on May 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md workflows invoke "hosted profile/post/comment run" (via run_hosted_collection/hosted_collection_bridge) to collect public Instagram posts/comments (user-generated) which are then normalized, clustered, and ranked as part of the agent workflow, and the included download_videos_from_manifest_with_ytdlp.mjs explicitly downloads arbitrary item.sourceUrl web videos from a manifest—demonstrating ingestion of untrusted third‑party content that can influence subsequent tool actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime requests to PostPlus hosted endpoints (e.g.
${apiBaseUrl}/api/postplus-cli/hosted/capabilityand${apiBaseUrl}/api/postplus-cli/hosted/collection) whose JSON error payloads can include an "agentAction" / quoteConfirmation that directly instructs agents which commands to run, and the skill requires the hosted bridge (apiBaseUrl) for hosted capability/collection runs—so remote content can control prompts/instructions at runtime.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata