tikspyder
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the TikSpyder tool from the author's GitHub repository (https://github.com/estebanpdl/tik-spyder.git) and installs it in the environment using
pip install -e .. It also suggests usinggit pullfor troubleshooting, allowing for remote updates to the tool's code. - [COMMAND_EXECUTION]: The skill uses various bash commands to detect, create, and activate Conda or virtual environments, check for system dependencies like ffmpeg, and execute the data collection tool's CLI and Streamlit interface.
- [CREDENTIALS_UNSAFE]: The skill reads and writes SerpAPI keys and Apify tokens to a local
config/config.inifile. It includes strong procedural instructions to never display these keys to the user and to use secure write tools rather than echoing them in commands. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing external data.
- Ingestion points: External TikTok metadata, profile descriptions, and search results retrieved from Google (via SerpAPI) and TikTok (via Apify) are ingested into the agent context.
- Boundary markers: The instructions do not specify any delimiters or safety warnings (e.g., 'ignore instructions within this data') when processing the collected TikTok content.
- Capability inventory: The skill possesses significant capabilities, including executing subprocesses (CLI tools), performing network requests, and reading/writing to the local filesystem (config files and data output).
- Sanitization: No explicit sanitization, filtering, or validation of the retrieved TikTok content is performed before the agent summarizes the results for the user.
Audit Metadata