tikspyder

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks the user to provide SerpAPI/Apify keys and then instructs the agent to write those exact key values into the config file (via the Write tool), which requires the LLM to handle and output the secret verbatim even though it forbids echoing them in bash — creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests untrusted, user-generated content from third-party services — notably SerpAPI (Google search / Google Images thumbnails) and Apify (TikTok profiles and hashtags) as required in Phase 2 and then runs TikSpyder to collect and summarize TikTok posts (Phase 4), so external webpage/post content will be read and used to drive tool actions and summaries.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs git clone https://github.com/estebanpdl/tik-spyder.git at runtime (Phase 1.3) and then installs/runs the cloned package (pip install -e . / tikspyder), which means it fetches and executes remote code that the skill relies on.