Skills
skills/vm0-ai/vm0-skills/instagram/Gen Agent Trust Hub

instagram

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous curl commands for the agent to execute, enabling interaction with the Instagram Graph API for media retrieval, hashtag searching, and content publishing.
  • [DATA_EXFILTRATION]: The skill handles an authentication token (INSTAGRAM_TOKEN) to communicate with Meta's official Graph API at graph.facebook.com. This operation is the intended functionality of the integration and targets a well-known service.
  • [PROMPT_INJECTION]: The skill processes data from external sources (Instagram captions and media metadata), creating a surface for potential indirect prompt injection.
  • Ingestion points: Media captions and metadata retrieved from the graph.facebook.com API endpoints.
  • Boundary markers: Absent. The instructions do not specify the use of delimiters to isolate external data from the agent's internal instruction context.
  • Capability inventory: Network operations via curl and local file writing to /tmp/request.json for API payload preparation.
  • Sanitization: Absent. The skill does not provide instructions for validating or sanitizing retrieved content before the agent processes it.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 5, 2026, 07:52 AM