tiktok-search-videos

Fail

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill explicitly instructs the agent to use a dangerous execution pattern: eval "$(python scripts/xxx.py {params})". This pattern executes the standard output of a local Python script directly in the shell environment, which is a significant security risk.
  • [COMMAND_EXECUTION]: The reliance on dynamic command generation via the eval pattern introduces a high risk of command injection. If user-provided search keywords or other parameters are not perfectly sanitized before being passed to the Python scripts or included in the resulting shell command, an attacker could achieve arbitrary code execution.
  • [PROMPT_INJECTION]: The skill processes untrusted external data from TikTok, which constitutes an indirect prompt injection attack surface.
      • Ingestion points: Untrusted data is retrieved from the TikTok /api/search/item/full/ endpoint and displayed in the browser context (SKILL.md).
      • Boundary markers: There are no instructions or boundary markers provided to isolate the scraped content or warn the agent to ignore embedded instructions within the metadata.
      • Capability inventory: The skill grants the agent extensive capabilities, including shell execution (eval), network traffic inspection, and automated browser navigation.
      • Sanitization: There is no evidence of data sanitization, filtering, or validation for the content scraped from TikTok (author bios, video descriptions, music titles) before it is processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Jun 13, 2026, 04:39 AM