tiktok-profile-videos
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation describes an execution model using
eval "$(python scripts/xxx.py {params})". Directly evaluating the output of a script in a shell environment is a high-risk pattern. If the{params}(such as the TikTok username) or the script's output are not strictly sanitized, an attacker could achieve arbitrary command execution. - [REMOTE_CODE_EXECUTION]: The skill relies on dynamic execution of logic encapsulated in external Python scripts triggered via shell commands. This structure presents a significant risk if the logic involves untrusted data sourced from the web or user input.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection through the processing of TikTok profile metadata.
- Ingestion points: The skill extracts video descriptions (
desc), nicknames, and signatures from TikTok's/api/post/item_list/endpoint. - Boundary markers: None are defined. The instructions do not specify the use of delimiters or clear separation between system instructions and the scraped untrusted data.
- Capability inventory: The skill uses the
bashtool andevalto execute shell commands, providing a high-impact target for successful injection. - Sanitization: There is no mention of filtering, escaping, or validating the content retrieved from TikTok before it is processed by the agent.
Audit Metadata