Skills
skills/aaaaqwq/claude-code-skills/tiktok-marketing/Gen Agent Trust Hub

tiktok-marketing

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [DATA_EXFILTRATION]: The skill describes n8n automation workflows that interact with well-known third-party services like OpenAI, ElevenLabs, Google Sheets, TikTok, Slack, and Airtable. These interactions are part of the intended marketing automation functionality and do not involve unauthorized exfiltration of sensitive local system data.
  • [PROMPT_INJECTION]: The automation templates in SKILL.md ingest data from an external source (Google Sheets) and interpolate it into an LLM prompt ({idea}) without using boundary markers or sanitization logic. Since the skill has capabilities to perform network operations and publish content (tiktok_upload), this creates a surface for indirect prompt injection if the source data contains malicious instructions.
  • Ingestion points: Google Sheets Content Ideas (SKILL.md)
  • Boundary markers: Absent in prompt templates
  • Capability inventory: MCP tools tiktok_upload, tiktok_analytics, and n8n network nodes
  • Sanitization: Absent
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 09:58 PM
Security Audit — agent-trust-hub — tiktok-marketing