instagram-agent-teneo
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides bash command templates to interact with a local CLI tool (
~/teneo-skill/teneo) for retrieving Instagram profile details, posts, and comments. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by processing external, untrusted content from Instagram.
- Ingestion points: The agent retrieves data from public Instagram profile metadata, captions, and comment threads (SKILL.md).
- Boundary markers: There are no specified delimiters or instructions to treat the retrieved content as untrusted data separate from the agent's logic.
- Capability inventory: The skill utilizes shell command execution to perform scraping tasks via a binary located in the local file system.
- Sanitization: No sanitization, filtering, or validation of the retrieved Instagram content is described in the skill.
Audit Metadata