tiktok-hashtag-videos

Fail

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill's instructions for the 'Get challenge ID' capability use a dangerous shell pattern: eval "$(python scripts/get-challenge-id.py '{hashtag}')". This pattern is vulnerable to command injection: the hashtag is substituted into the command text, and the shell expands command sequences (like backticks or $(...)) within the output of the python script before or during the eval execution. If an attacker provides a hashtag containing shell metacharacters like single quotes, semicolons, or backticks, they can execute arbitrary code on the agent's host.
  • [REMOTE_CODE_EXECUTION]: The command injection vulnerability described above lets an attacker who supplies a malicious hashtag string execute arbitrary code. This bypasses the intended browser-based scraping logic and provides direct shell access to the host environment.
  • [DATA_EXFILTRATION]: The combination of shell access via the eval vulnerability and the presence of network tools creates a high risk of data exfiltration. Injected commands could be used to read sensitive local files, such as SSH keys, environment variables, or cloud credentials, and transmit them to external servers.
  • [PROMPT_INJECTION]: The skill processes untrusted user-generated content from TikTok without sanitization, which is a vector for indirect prompt injection.
      • Ingestion points: The skill retrieves video metadata, including descriptions (desc) and nicknames, from the /api/challenge/item_list/ endpoint.
      • Boundary markers: There are no delimiters or explicit instructions to the agent to ignore embedded commands within the retrieved TikTok data.
      • Capability inventory: The agent has access to a bash shell, python execution, and the browser-act tool for browser automation.
      • Sanitization: No sanitization or validation of the content retrieved from TikTok is performed before the data is processed or output to the user.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Jun 13, 2026, 04:39 AM