instagram-pipeline
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill utilizes the
browser-cookie3library inbrowser_enricher.pyto programmatically extract sensitive session cookies (sessionid,csrftoken,ds_user_id) from the local Chrome cookie database. - [DATA_EXFILTRATION]: While the skill primarily interacts with Instagram's official API, the extraction of session data from a browser's protected store is a high-risk operation that bypasses standard authentication boundaries.
- [COMMAND_EXECUTION]: The skill executes several bash and Python commands, including a bundled
setup.shscript, subprocess calls toffmpeginmedia_extractor.py, and Python code execution via shell switches in the primary instructions. - [EXTERNAL_DOWNLOADS]: The pipeline automatically fetches images and videos from Instagram CDN URLs as part of the data enrichment process in
api_bootstrap.py. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data (captions, OCR text, and audio transcripts) from social media posts.
- Ingestion points: Data enters the agent's context through the Instagram API and the results of media processing in
media_extractor.py. - Boundary markers: There are no explicit markers or instruction delimiters to prevent the agent from potentially obeying instructions embedded within the extracted text.
- Capability inventory: The agent has access to powerful tools like
Bash,Read,Grep, andGlobwhich could be exploited if malicious instructions are successfully injected. - Sanitization: No sanitization or instruction filtering is applied to the data before it is presented to the agent.
Audit Metadata