accounts

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes the agent to indirect prompt injection by fetching and displaying external metadata from TikTok profiles. Specifically, the validation step prints video titles using print(f'Latest: {videos[0].title}'). If a profile is controlled by an attacker, the video title could contain instructions designed to hijack the agent's logic.
    - Ingestion points: TikTok profile metadata fetched via the TikTokScraper in SKILL.md.
    - Boundary markers: Absent. There are no instructions for the agent to treat this external content as untrusted data.
    - Capability inventory: The skill utilizes subprocess execution and file system writes, providing a surface for malicious instructions to cause unintended local actions.
    - Sanitization: Absent. Metadata is printed directly to the output without filtering.
  • [COMMAND_EXECUTION]: The skill uses Python and shell commands for file operations and profile validation. The logic involves multi-line Python scripts executed via python3 -c and string interpolation of profile URLs, which is a common pattern for local automation but requires the agent to handle inputs carefully to avoid command injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 07:07 AM