The Agent Skills Directory

[COMMAND_EXECUTION]: The script download_videos_from_manifest_with_ytdlp.mjs uses child_process.spawn to execute python3 -m yt_dlp. This is used for downloading video content from Instagram posts and Reels. The arguments are passed as an array to the spawn command, which is a secure practice to prevent shell injection.
[EXTERNAL_DOWNLOADS]: The skill facilitates downloading media (images and videos) from Instagram URLs. It also communicates with the vendor's hosted collection infrastructure (PostPlus Cloud) via HTTPS and bridge sockets to retrieve scraped Instagram data.
[DATA_EXFILTRATION]: The skill sends search queries and discovery briefs to the vendor's hosted actors and APIs (e.g., instagram-search-scraper, instagram-profile-scraper) to perform research tasks. This is the primary intended functionality of the skill for remote data collection.
[PROMPT_INJECTION]: The skill processes untrusted user-generated content from Instagram, including biographies, post captions, and comments. This data is ingested into the local research pool for analysis and ranking. While primarily used for data processing, this ingestion point represents a surface for indirect prompt injection if the resulting content is interpreted as instructions in downstream agent tasks.
Ingestion points: Instagram data is ingested via normalize_instagram_dataset.mjs and processed by ranking scripts like rank_instagram_creators.mjs.
Boundary markers: The processing scripts do not explicitly define boundary markers to isolate untrusted content from instructional prompts.
Capability inventory: The skill has capabilities for file system writes, network communication with vendor APIs, and subprocess execution for media processing.
Sanitization: Standard string normalization and cleaning (e.g., cleanString, safeLower) are performed, though no specific filtering for adversarial prompt injection patterns is implemented.

instagram-creator-discovery