tiktok-hashtag-videos
Fail
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's instructions for the 'Get challenge ID' capability use a dangerous shell pattern: eval "$(python scripts/get-challenge-id.py '{hashtag}')". This pattern is vulnerable to command injection because the shell expands command sequences (like backticks or $(...)) within the output of the python script before or during the eval execution. If an attacker provides a hashtag containing shell metacharacters like single quotes, semicolons, or backticks, they can execute arbitrary code on the agent's host.
- [REMOTE_CODE_EXECUTION]: The command injection vulnerability described above allows for arbitrary code execution by providing a malicious hashtag string. This bypasses the intended browser-based scraping logic and provides direct shell access to the host environment.
- [DATA_EXFILTRATION]: The combination of shell access via the eval vulnerability and the presence of network tools creates a high risk of data exfiltration. Injected commands could be used to read sensitive local files, such as SSH keys, environment variables, or cloud credentials, and transmit them to external servers.
- [PROMPT_INJECTION]: The skill processes untrusted user-generated content from TikTok without sanitization, which is a vector for indirect prompt injection.
  - Ingestion points: The skill retrieves video metadata, including descriptions (desc) and nicknames, from the /api/challenge/item_list/ endpoint.
  - Boundary markers: There are no delimiters or explicit instructions to the agent to ignore embedded commands within the retrieved TikTok data.
  - Capability inventory: The agent has access to a bash shell, python execution, and the browser-act tool for browser automation.
  - Sanitization: No sanitization or validation of the content retrieved from TikTok is performed before the data is processed or output to the user.
Recommendations
- AI detected serious security threats