instagram-hikerapi

Fail

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/download.sh script is vulnerable to shell command injection. The user-supplied URL is interpolated directly into an ssh command string. An attacker can provide a URL containing shell metacharacters (e.g., backticks or $(...)) to execute arbitrary commands on the remote server defined in COBALT_SERVER.
  • [COMMAND_EXECUTION]: The scripts/analyze.sh script is vulnerable to Python code injection. It uses a shell heredoc to insert the ${USERNAME} variable into a Python script. If the username contains characters that break the Python string literal (e.g., quotes followed by Python commands), it can lead to arbitrary code execution within the local Python process.
  • [DATA_EXFILTRATION]: The scripts/deploy-cookies.sh script facilitates the transfer of highly sensitive Instagram session cookies (cookies.json) from the local environment to a remote server via scp. This practice exposes these session tokens to potential interception or compromise on the destination server.
  • [CREDENTIALS_UNSAFE]: The skill manages high-value secrets, including HikerAPI keys and full Instagram session cookies, stored in the ~/.secrets/ directory. Although it applies chmod 600 to these files, the architecture of the skill relies on the insecure transmission and storage of these credentials across multiple systems.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from Instagram, such as post captions and audio transcriptions from Reels. This creates an indirect prompt injection surface where malicious instructions embedded in the social media content could be interpreted and acted upon by the AI agent during analysis.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 7, 2026, 09:51 AM