huashu-douyin-script
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Remote Code Execution (CRITICAL): The installation script 'install.sh' executes code downloaded directly from the internet via 'curl | sh' from astral.sh. Additionally, the recommended installation method for the skill itself involves piping a shell script from a personal GitHub repository ('alchaincyf') directly into bash.
- Credentials Unsafe (HIGH): The downloader script 'scripts/download_douyin.py' accesses sensitive user data by extracting browser cookies using the '--cookies-from-browser' flag in 'yt-dlp'. This creates a significant risk of session hijacking or account compromise.
- Prompt Injection (MEDIUM): The skill is vulnerable to Indirect Prompt Injection in 'scripts/analyze_video.py'. It ingests untrusted data from external video URLs without using boundary markers or performing sanitization, which could allow malicious content in the video metadata or descriptions to manipulate agent behavior.
- Command Execution (HIGH): The skill invokes system commands using 'subprocess.run' to execute 'yt-dlp' with parameters influenced by external input.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://astral.sh/uv/install.sh, https://raw.githubusercontent.com/alchaincyf/Write-Prompt/master/.claude/skills/douyin-viral-script/install.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata