tiktok-search
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is configured to read an API key from a specific local configuration file (
~/.gooseworks/credentials.json) and transmit it to external API endpoints (api.gooseworks.aiandapi.orth.sh) via the Authorization header. While this appears to be the legitimate authentication flow for the service, it involves automated access to sensitive local files and subsequent network transmission. - [COMMAND_EXECUTION]: The skill uses Python one-liners via
python3 -cto programmatically extract credentials and configuration values from the local filesystem during environment setup. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it retrieves and processes content from an untrusted external source (TikTok).
- Ingestion points: TikTok profile bios, video titles, and hashtag content descriptions are ingested into the agent context (SKILL.md).
- Boundary markers: The usage examples do not include boundary markers or delimiters to separate untrusted external content from agent instructions.
- Capability inventory: The agent has network access capabilities via
curlto continue making further requests based on the fetched data. - Sanitization: There are no instructions provided to sanitize or validate the content fetched from TikTok before the agent processes it, which could allow a malicious user's TikTok bio to influence the agent's behavior.
Audit Metadata