Instagram User Profile API

Security checks across malware telemetry and agentic risk

Overview

This is a narrow JustOneAPI helper for looking up Instagram profile metadata by username, with privacy and token-handling caveats but no hidden or destructive behavior found.

Install only if you trust JustOneAPI and have a legitimate reason to retrieve Instagram profile metadata for specific usernames. Avoid using the skill for unauthorized monitoring or profiling, and protect the JUST_ONE_API_TOKEN because this API places it in the request URL.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 76% confidence
Finding: The description explicitly promotes people-related profiling use cases such as influencer vetting, tracking audience reach, and mapping handles to profile stats without any consent, purpose limitation, or user-choice guardrails. In agent environments, this can normalize or encourage collection of personal/social metadata for evaluative profiling, creating privacy and policy risk even though the endpoint itself is a standard lookup API.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal