social-media-scout
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill manages a TikHub API key which is stored locally in `scripts/config.json`. The `tikhub_client.py` script transmits this key in the Authorization header to `api.tikhub.io` to authenticate requests. This is the intended behavior for the tool's primary function and targets the official API service.
- [COMMAND_EXECUTION]: Instructions in `SKILL.md` guide the agent to install and run `yt-dlp`, an established third-party utility, for downloading videos from Bilibili. This interaction is transparently documented and occurs as part of the tool's video processing workflow.
- [EXTERNAL_DOWNLOADS]: The `tikhub_client.py` script includes a `download_file` function that facilitates downloading social media video content to the local filesystem using standard Python libraries. This function is intended for processing media files as requested by the user.
- [PROMPT_INJECTION]: The skill ingests untrusted content from social media platforms (e.g., video descriptions, comments). While this creates a surface for indirect prompt injection, the skill acts as a data retriever and does not execute the retrieved content, making the risk inherent to the processing of public social media data.
Audit Metadata