tiktok-automation

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs users to configure an external MCP server from https://rube.app/mcp. This is a third-party domain that is not included in the list of trusted vendors.
  • [PROMPT_INJECTION]: The skill processes data from TikTok (such as video titles and profile information), creating a surface for indirect prompt injection if that data contains malicious instructions.
    • Ingestion points: Video metadata from TIKTOK_LIST_VIDEOS and user information from TIKTOK_GET_USER_PROFILE.
    • Boundary markers: No specific delimiters or "ignore instructions" markers are used to isolate untrusted content from the system prompt.
    • Capability inventory: The skill can publish content (TIKTOK_PUBLISH_VIDEO, TIKTOK_POST_PHOTO), which could be misused if an injection occurs.
    • Sanitization: There is no evidence of sanitization or filtering of external TikTok data before it is presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 06:59 AM