tiktok-content-maker
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute internal logic and interact with specialized CLI tools.
  - It runs `scripts/analyze-images.ts` using `npx tsx` to perform product and model image analysis.
  - It invokes `renoise-cli.mjs` for uploading materials and submitting video generation tasks.
- [EXTERNAL_DOWNLOADS]: The skill performs routine external data retrieval and dependency management.
  - It executes `npm install` within the skill directory to ensure required Node.js libraries are available for the analysis script.
  - It employs the `WebFetch` tool to retrieve product details from user-provided URLs, enhancing the context for script generation.
- [PROMPT_INJECTION]: The skill's ingestion of external web content and images presents a surface for indirect prompt injection (Category 8).
  - Ingestion points: Product images, model reference photos, and external product detail pages fetched via `WebFetch`.
  - Boundary markers: The image analysis script enforces a structured JSON response through its hardcoded system prompt, which limits the influence of adversarial content.
  - Capability inventory: The skill has access to local file reading and Bash command execution to support its core functions.
  - Sanitization: External content is processed by the analysis model without pre-validation, relying on the model's instructions and structured output requirements for safety.
Audit Metadata