gram
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the `@cyberdrk/gram` package from the NPM registry during the installation phase.
- [DATA_EXFILTRATION]: Accesses sensitive authentication data, including Instagram session cookies (`sessionid`, `csrftoken`, `ds_user_id`) and local browser profile directories (e.g., Chrome, Firefox, Safari) to retrieve authentication tokens.
- [COMMAND_EXECUTION]: Executes shell commands using the `gram` binary to perform authenticated actions such as viewing posts, following users, and posting comments.
- [PROMPT_INJECTION]: Ingests untrusted external data from Instagram (posts, comments, search results) which represents a surface for indirect prompt injection.
  - Ingestion points: Commands such as `gram comments`, `gram feed`, and `gram search` retrieve content from Instagram's APIs.
  - Boundary markers: The instructions do not define specific boundary markers or warnings to the agent regarding embedded instructions in retrieved data.
  - Capability inventory: The skill possesses write capabilities including `gram comment`, `gram follow`, `gram like`, and `gram save` which could be abused if the agent follows instructions found in external content.
  - Sanitization: No evidence of sanitization or filtering of the retrieved Instagram content is provided in the skill documentation.
Audit Metadata