instagram-reels
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands including yt-dlp, ffmpeg, and curl to extract metadata, download media, and perform audio conversion on the local system.
- [EXTERNAL_DOWNLOADS]: It fetches media content from external content delivery networks (CDNs) associated with platforms like Instagram and TikTok, and sends audio data to the well-known Groq API (api.groq.com) for transcription services.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests and processes untrusted data from the web.
  - Ingestion points: Captions, metadata, and uploader information are read from social media platforms via yt-dlp, and transcription text is returned from the Groq API.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are used when presenting this external data to the agent.
  - Capability inventory: The skill is capable of executing subprocesses including curl, yt-dlp, and ffmpeg.
  - Sanitization: There is no evidence of sanitization or filtering of the external text content before it is incorporated into the agent's context.
Audit Metadata