Skills
skills/membranedev/application-skills/instagram-messenger/Gen Agent Trust Hub

instagram-messenger

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the @membranehq/cli tool to manage Instagram Messenger connections and actions. It provides a series of commands for authentication, connection management, and running API actions.
  • [EXTERNAL_DOWNLOADS]: The skill fetches the official @membranehq/cli package from the NPM registry to facilitate integration with the Membrane platform.
  • [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection as it retrieves data from external Instagram messages.
  • Ingestion points: Untrusted data enters the agent's context through actions like get-conversation-messages and list-conversations defined in SKILL.md.
  • Boundary markers: There are no specified delimiters or instructions to ignore embedded commands within the message content provided to the agent.
  • Capability inventory: The agent has the capability to execute state-changing actions (e.g., delete-ice-breakers, send-text-message) and arbitrary requests via the membrane request command.
  • Sanitization: No sanitization or filtering logic is described for the content ingested from the Instagram Messenger API.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 07:32 AM