douyin-search
Warn
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (
search_douyin.py) to interact with its search API. It also provides instructions for setting up persistence viacrontabto enable daily automated content pushes, which involves recurring shell command execution on the host system. - [DATA_EXFILTRATION]: The skill transmits user search keywords and a sensitive environment variable (
REDFOX_API_KEY) to the external endpointhttps://redfox.hk/story/api/dy/search/search. While this is expected vendor functionality, it involves the outbound transfer of user-derived data. - [PROMPT_INJECTION]: The skill processes untrusted external data retrieved from the Douyin API, creating a surface for indirect prompt injection.
- Ingestion points: Video titles and author metadata from the
search_douyin.pyoutput are processed in the result display step. - Boundary markers: No explicit markers are used to isolate untrusted data from the agent's instructions.
- Capability inventory: The agent has shell access to run local scripts and schedule persistent cron jobs.
- Sanitization: There is no indication that retrieved content is sanitized or escaped before being displayed to the user or processed by the agent.
Audit Metadata