pp-tiktok-shop

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs the TikTok Shop CLI and MCP server from the developer's official GitHub repository (github.com/mvanhorn/printing-press-library) and NPM registry (@mvanhorn/printing-press). These represent official vendor resources.
  • [COMMAND_EXECUTION]: The skill requires executing the tiktok-shop-pp-cli binary via shell to perform shop management tasks, including authentication readiness and data retrieval.
  • [PROMPT_INJECTION]: The skill processes data from external TikTok Shop APIs (such as order details, product listings, and fulfillment information), which serves as an ingestion point for untrusted content. This represents an indirect prompt injection surface.
    • Ingestion points: TikTok Shop API responses (orders, products, fulfillment data) processed via shell commands.
    • Boundary markers: Absent.
    • Capability inventory: Execution of CLI tools via shell and network access via API interaction.
    • Sanitization: Not explicitly implemented for external data processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 03:30 AM