instagram-creator-discovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs collecting and ingesting public Instagram content (e.g., SKILL.md core rule step 1: "collect matching posts / Reels / hashtag results / tagged posts") and the actor-selection docs list scrapers like instagram-post-scraper and instagram-comment-scraper, meaning untrusted user-generated posts/comments are fetched and directly used to extract candidates and drive ranking/next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to the PostPlus hosted endpoints (e.g. ${config.apiBaseUrl}/api/postplus-cli/hosted/collection and ${config.apiBaseUrl}/api/postplus-cli/hosted/capability), which are required for operation and invoke remote hosted actors (i.e., execute remote code) rather than just fetching benign data.