ads-tiktok
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to ingest and analyze untrusted external data (TikTok Ads Manager exports), creating a surface for indirect prompt injection.
- Ingestion points: TikTok Ads data collection (Ads Manager export, Pixel/Events API status) referenced in the audit process.
- Boundary markers: There are no instructions to use delimiters or ignore embedded instructions within the ingested marketing data.
- Capability inventory: While the skill does not include its own scripts, the agent's default tools remain available for potential exploitation by malicious content within the data exports.
- Sanitization: No instructions for validating, escaping, or filtering the content of the external files are provided.
- [NO_CODE]: The skill consists entirely of markdown instructions and does not ship with any executable code, scripts, or configuration files that could pose a direct execution risk.
Audit Metadata