Skills
skills/aaaaqwq/claude-code-skills/tiktok-automation/Gen Agent Trust Hub

tiktok-automation

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFENO_CODE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from external TikTok profiles and video metadata, creating a surface for indirect prompt injection. * Ingestion points: TIKTOK_GET_USER_PROFILE and TIKTOK_LIST_VIDEOS in SKILL.md. * Boundary markers: Absent; there are no instructions to the agent to ignore or sanitize instructions found within fetched TikTok metadata. * Capability inventory: Substantial capabilities including uploading and publishing content via TIKTOK_PUBLISH_VIDEO and TIKTOK_POST_PHOTO. * Sanitization: Absent; the skill does not define validation for fetched strings.
  • [External Dependency] (SAFE): The skill requires connecting to an external MCP server at https://rube.app/mcp. This is a third-party service not included in the pre-approved trusted list, but it is necessary for the skill's stated purpose and is configured by the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 20, 2026, 03:09 PM