tiktok
Pass
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: LOWSAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions or override attempts detected in the provided files.
- [Data Exposure] (LOW): The skill requires a TIKTOK_ACCESS_TOKEN environment variable. While standard for API access, users should ensure the environment is secure and that the token has minimum required permissions.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted external data from TikTok (e.g., analytics, hashtag results). This represents a potential surface for indirect injection from platform content. Evidence:
  1. Ingestion points: TikTok API responses for analytics and trends.
  2. Boundary markers: Absent in prompt examples.
  3. Capability inventory: Data retrieval via curl and processing via jq.
  4. Sanitization: Not specified.
- [External Downloads] (LOW): Requires system-level binaries curl and jq; these are trusted tools but are external dependencies that must be managed on the host system.
Audit Metadata