tiktok-strategist
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates a vulnerability to Indirect Prompt Injection (Category 8). It is designed to ingest and process external, untrusted data from social media platforms which could contain malicious instructions hidden by attackers.
- Ingestion points: Phase 1 (Trend Monitoring, Competitor Analysis) and Phase 3 (Community Management and Comment engagement) involve reading data from external sources.
- Boundary markers: The instructions do not define boundary markers or explicit warnings for the agent to ignore instructions embedded within the analyzed content.
- Capability inventory: The skill possesses significant capabilities via the
bash,git, and filesystem tools (File ops) listed in the Copilot CLI Operations section. - Sanitization: There is no evidence of sanitization, filtering, or validation of the external content before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill explicitly requests access to powerful system tools including
bashandgitin the "Herramientas disponibles" section. While these tools are common in developer-focused agent environments, they provide a broad capability for system interaction that increases the impact of a potential prompt injection.
Audit Metadata