tiktok-ad-research
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted text from TikTok (ad titles, captions, summaries, and comments) and has access to powerful system tools. It lacks robust boundary markers to prevent the agent from interpreting instructions potentially hidden in the scraped data.
- Ingestion points: Data enters the system through
normalize_tiktok_ads_dataset.mjs,analyze_tiktok_ads_dataset.mjs, andanalyze_tiktok_comments.mjswhich parse TikTok API responses. - Boundary markers: There are no explicit markers or 'ignore' instructions implemented to safely wrap the processed TikTok content.
- Capability inventory: The skill can execute subprocesses (
yt-dlp,ffmpeg,open), perform extensive file system writes within the workspace, and initiate network requests viarunHostedCollection. - Sanitization: Sanitization is minimal, relying on basic string trimming in
tiktok_common.mjsand simple regex tokenization inanalyze_tiktok_comments.mjs. - [COMMAND_EXECUTION]: Subprocess spawning is used to facilitate media handling and workflow automation:
download_videos_from_manifest_with_ytdlp.mjsusesspawnto executepython3 -m yt_dlpfor downloading TikTok videos.postplus_workspace_runtime.mjsusesexecFileSyncto runffmpegfor video generation andopen(on macOS) for file system interaction.- [EXTERNAL_DOWNLOADS]: The skill performs several network operations to interact with external services and download assets:
download_videos_from_manifest_with_ytdlp.mjsdownloads media files from TikTok URLs.hosted_collection_bridge.mjsandpostplus_cloud_client.mjsmake HTTPS or socket requests to PostPlus Cloud for hosted data collection and media generation services.
Audit Metadata