douyin-download
Warn
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in
SKILL.mdinterpolate user-provided links directly into a shell command template:python3 .../parse-douyin.py <抖音链接>. This allows an attacker to execute arbitrary shell commands by including shell metacharacters (such as semicolons or backticks) in the input. - [EXTERNAL_DOWNLOADS]: The
parse-douyin.pyscript makes network requests to external domains (iesdouyin.comand CDN servers) and downloads media files to the local/tmpdirectory. - [PROMPT_INJECTION]: The skill parses HTML from external Douyin URLs and extracts video descriptions that are displayed by the agent. Ingestion points: External URLs fetched via the
requestslibrary inparse-douyin.py. Boundary markers: No delimiters or instructions are used to prevent the agent from obeying instructions embedded in the external content. Capability inventory: The skill environment allows shell execution, network access, and file writing. Sanitization: Extracted metadata is sanitized for filename safety using regex but is not sanitized for potential prompt injection payloads that could manipulate the agent.
Audit Metadata