instagram-extract

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to load user-provided Instagram/Threads/LinkedIn URLs via a browser relay and extract captions, carousel slide text, media and links (see "Get access to the real post (relay)" and "Extract enough to be useful"), which are untrusted, user-generated third‑party pages that the agent must read and act on (classify, save, ingest prompts), enabling indirect prompt injection.