Skills
skills/shuliuzhenhua-sys/shuliu-skills/douyin-share-info/Gen Agent Trust Hub

douyin-share-info

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute a local TypeScript script (scripts/main.ts) using the bun runtime via npx.
  • [CREDENTIALS_UNSAFE]: The script scripts/main.ts contains logic to read environment variables from potentially sensitive file paths, including ~/.baoyu-skills/.env and the current working directory.
  • [DATA_EXFILTRATION]: The script transmits user-provided URLs and the TIKHUB_API_KEY to an external API service (defaulting to api.tikhub.io). While this is functional, it involves sending credentials to a third-party domain.
  • [PROMPT_INJECTION]: The skill processes untrusted external content (video metadata and descriptions) from the TikHub API, which constitutes an indirect prompt injection surface.
  • Ingestion points: External data is fetched via the fetchByShareUrl function in scripts/main.ts.
  • Boundary markers: None are present in the SKILL.md or prompt templates to delineate external data for the agent.
  • Capability inventory: The script can perform network requests and write data to the local file system (via the --raw CLI option).
  • Sanitization: The script parses the API response as JSON and extracts specific fields but does not perform content-level sanitization of the strings returned.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 08:45 PM