instagram-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly requires calling Instagram APIs (e.g., INSTAGRAM_GET_IG_USER_MEDIA, INSTAGRAM_GET_IG_MEDIA_COMMENTS and using public image/video URLs in INSTAGRAM_CREATE_MEDIA_CONTAINER) to fetch user-generated Instagram content that the agent must read/interpret as part of its workflows, exposing it to untrusted third-party content that could influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires connecting to Rube MCP at https://rube.app/mcp at runtime (via RUBE_SEARCH_TOOLS) to fetch current tool schemas that directly define the agent's tools/instructions, so remote content can control agent behavior.