tiktok-ad-research

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script download_videos_from_manifest_with_ytdlp.mjs executes python3 -m yt_dlp via Node.js spawn to download video assets. This is expected behavior for a media research skill.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to the PostPlus Cloud API to run data collection actors. It also facilitates video downloads from the TikTok CDN. These operations are essential for fetching the data the skill is designed to analyze.
  • [DATA_EXFILTRATION]: User-provided search queries, hashtags, and research parameters are sent to the vendor's cloud infrastructure to perform scraping tasks. This represents the core functionality of the skill rather than unauthorized exfiltration.
  • [PROMPT_INJECTION]: The skill processes untrusted content from TikTok, such as ad captions and user comments, in scripts like analyze_tiktok_comments.mjs. While this creates a surface for indirect prompt injection, the scripts perform analysis rather than directly executing the data as instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 07:52 PM