tiktok-research
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Node.js scripts within the skill directory and invokes the system utility yt-dlp via Python to download video assets. These operations are essential to the research functionality and are implemented with appropriate argument handling.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to TikTok's platform and the vendor's hosted collection bridge (PostPlusAI infrastructure). These connections are used exclusively for authenticated data collection and manifest processing, utilizing standard Node.js networking modules.
- [SAFE]: Comprehensive analysis of the 29 files revealed no evidence of prompt injection, malicious obfuscation, or persistence mechanisms. The skill's architectural design separates raw data collection from normalized analysis, reducing the risk of indirect manipulation.
- [SAFE]: Data processing scripts for comments and profile metadata handle external strings as analytical data points (e.g., tokenizing for word counts or scoring based on follower counts) rather than executable content.
Audit Metadata