blitzreels-carousels-instagram
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [Dynamic Execution] (MEDIUM): The script
scripts/instagram.shcalculates a path using../../to locate and executecarousel.sh. This relies on a specific external directory structure and executes code from a computed path, which is a potential security risk if the environment is manipulated. - [Indirect Prompt Injection] (MEDIUM): The skill accepts arbitrary user input via command-line arguments (
$@) which are then passed to a shell execution command. While common for wrappers, this represents an unvalidated data ingestion point that could be exploited if the underlying script has vulnerabilities. - Ingestion points: Command-line arguments (
$@) inscripts/instagram.sh. - Boundary markers: None observed.
- Capability inventory: Shell execution (
exec bash). - Sanitization: None observed in the wrapper script.
Audit Metadata