tiktok-ad-research

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted text from TikTok (ad titles, captions, summaries, and comments) and has access to powerful system tools. It lacks robust boundary markers to prevent the agent from interpreting instructions potentially hidden in the scraped data.
  • Ingestion points: Data enters the system through normalize_tiktok_ads_dataset.mjs, analyze_tiktok_ads_dataset.mjs, and analyze_tiktok_comments.mjs which parse TikTok API responses.
  • Boundary markers: There are no explicit markers or 'ignore' instructions implemented to safely wrap the processed TikTok content.
  • Capability inventory: The skill can execute subprocesses (yt-dlp, ffmpeg, open), perform extensive file system writes within the workspace, and initiate network requests via runHostedCollection.
  • Sanitization: Sanitization is minimal, relying on basic string trimming in tiktok_common.mjs and simple regex tokenization in analyze_tiktok_comments.mjs.
  • [COMMAND_EXECUTION]: Subprocess spawning is used to facilitate media handling and workflow automation:
  • download_videos_from_manifest_with_ytdlp.mjs uses spawn to execute python3 -m yt_dlp for downloading TikTok videos.
  • postplus_workspace_runtime.mjs uses execFileSync to run ffmpeg for video generation and open (on macOS) for file system interaction.
  • [EXTERNAL_DOWNLOADS]: The skill performs several network operations to interact with external services and download assets:
  • download_videos_from_manifest_with_ytdlp.mjs downloads media files from TikTok URLs.
  • hosted_collection_bridge.mjs and postplus_cloud_client.mjs make HTTPS or socket requests to PostPlus Cloud for hosted data collection and media generation services.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 08:48 PM
Security Audit — agent-trust-hub — tiktok-ad-research