instagram-downloader
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The script 'scripts/download_instagram.py' performs runtime installation of the 'instaloader' package via 'pip' if not found.
- [COMMAND_EXECUTION] (LOW): The skill executes the 'instaloader' binary using 'subprocess' with arguments passed as a list to mitigate injection.
- [PROMPT_INJECTION] (MEDIUM): Vulnerability to indirect prompt injection through external Instagram content. 1. Ingestion: Data extracted via Playwright from profile pages. 2. Boundary markers: Absent. 3. Capability: File writing and network requests. 4. Sanitization: Minimal regex-based filtering.
Audit Metadata