Skills
skills/nicepkg/ai-workflow/instagram/Gen Agent Trust Hub

instagram

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill fetches untrusted data from an external source (Instagram media captions) through the Graph API. This content is brought into the agent's context, potentially influencing its subsequent behavior.
  • Ingestion points: File SKILL.md defines commands to fetch caption fields from the /media and /<media-id> endpoints.
  • Boundary markers: Absent. The skill does not provide instructions to the agent to delimit or ignore instructions found within retrieved captions.
  • Capability inventory: The skill allows for network operations (curl) and local file writes (/tmp/request.json).
  • Sanitization: Absent. No evidence of content filtering or escaping for retrieved data.
  • COMMAND_EXECUTION (SAFE): The skill utilizes bash -c for executing curl commands to interact with legitimate Facebook/Instagram endpoints. This is used for standard API integration and environment variable management.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:12 PM