comment-funnel
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: No malicious patterns or unauthorized behaviors were detected. The skill is designed to manage Instagram DM automation using the vendor's platform and official Instagram Private Replies API.\n- [EXTERNAL_DOWNLOADS]: The README provides installation instructions using
npx skills add Upload-Post/upload-post-comment-funnel, which targets the author's official skill distribution channel.\n- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it reads and processes untrusted user-generated content from Instagram comments.\n - Ingestion points: Data enters the context via the
GET /uploadposts/commentsendpoint inSKILL.md.\n - Boundary markers: The skill does not define specific delimiters or instructions to encapsulate untrusted data when the agent evaluates comment content.\n
- Capability inventory: The agent has the ability to send DMs and configure background monitoring tasks based on processed comment data.\n
- Sanitization: There is no instruction to sanitize or filter comment text before the agent performs semantic intent analysis.
Audit Metadata