tiktok-video-detail
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill employs a dynamic execution pattern where a Python script generates JavaScript code intended for execution in the browser. The instructions suggest using a shell 'eval' pattern to facilitate this, which involves the dynamic assembly and execution of code strings.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the TikTok platform. Maliciously crafted data within video metadata (such as descriptions or signatures) could potentially influence the agent's behavior when it processes the extracted content.
  - Ingestion points: The scraping logic reads from the `__UNIVERSAL_DATA_FOR_REHYDRATION__` script tag embedded in the TikTok video page's DOM.
  - Boundary markers: No specific boundary markers or instructions are used to distinguish extracted data from instructions or to prevent the agent from following embedded commands.
  - Capability inventory: The skill utilizes the `browser-act` tool for web navigation and script execution, and potentially uses the `bash` tool for script management.
  - Sanitization: The extracted data is returned as raw text without sanitization or filtering of fields that are user-controlled on the source platform.
- [EXTERNAL_DOWNLOADS]: The skill navigates the browser to `https://www.tiktok.com` to retrieve metadata. This involves retrieving content from a well-known service and is consistent with the skill's primary function.
Audit Metadata