keyapi-instagram-content-discovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls the KeyAPI MCP Instagram endpoints (e.g., get_post_info, get_post_comments, get_posts_by_hashtag, get_explore_page_sections) against https://mcp.keyapi.ai/instagram/mcp as shown in SKILL.md and scripts/run.js, ingesting public Instagram posts/comments (user-generated, untrusted) and then instructing the agent to analyze/synthesize those results into reports, so third‑party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). At runtime the script connects to the KeyAPI MCP server (https://mcp.keyapi.ai//mcp) to fetch tool schemas and to invoke tools via client.callTool, which executes server-side tools (remote code) that directly control runtime behavior and are required for the skill to operate.