Skills
skills/renatoasse/opensquad/instagram-publisher/Gen Agent Trust Hub

instagram-publisher

Warn

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md invocation string and workflow instructions facilitate command injection by interpolating user-controlled variables ({images} and {caption}) directly into a shell command line. An attacker could craft inputs containing shell metacharacters (e.g., ;, &, |, or backticks) to execute arbitrary code on the host system.
  • [DATA_EXFILTRATION]: The scripts/publish.js script reads local files from the filesystem using readFileSync and transmits them to https://catbox.moe/user/api.php. Catbox.moe is a third-party, anonymous file hosting service. This mechanism allows the transmission of local data to an external service where the content becomes publicly accessible. If an attacker can influence the file paths provided to the script, they could exfiltrate sensitive system files (e.g., SSH keys or credentials).
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted data which is subsequently used in high-capability operations (network requests and command execution).
  • Ingestion points: Data provided via the --images and --caption command-line arguments.
  • Boundary markers: None. Content is interpolated directly into the execution context.
  • Capability inventory: File system read access (readFileSync) and network communication (fetch).
  • Sanitization: None. The script performs basic length and count validation but does not sanitize content against injection or path traversal.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 8, 2026, 11:33 PM