instagram-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill fetches and analyzes content from external Instagram accounts. Malicious actors could place instructions in Instagram captions or profile bios to influence the agent's report generation or subsequent tasks.
- Ingestion points: Data is retrieved from the Apify API in
fetch_instagram.pyand saved toraw.json. - Boundary markers: Absent. The workflow does not suggest using delimiters (like XML tags) or specific instructions to treat the scraped content as untrusted data.
- Capability inventory: The agent can execute local Python scripts, write files to the filesystem, and interact with the Gemini API.
- Sanitization: While
analyze_posts.pycleans text for keyword extraction, it does not sanitize the content for potential prompt injection patterns before the agent processes it for reporting. - [External Downloads] (LOW): The skill communicates with
api.apify.comto scrape Instagram data. This is expected behavior but involves interaction with a third-party service outside the strictly trusted list. - [Data Exposure & Exfiltration] (SAFE): The skill accesses
APIFY_TOKENandGEMINI_API_KEYthrough environment variables. These credentials are used only for their intended APIs and are not transmitted elsewhere.
Audit Metadata