tiktok-automation

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires users to add a third-party MCP server at https://rube.app/mcp as part of the setup process. This domain is not recognized as a trusted organization or well-known service.
  • [REMOTE_CODE_EXECUTION]: By connecting to the unverified rube.app MCP server, the agent executes tool definitions and logic provided by a remote source. This represents a significant security risk as the server controls the behavior and parameters of the automation tools.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface when retrieving data from TikTok.
      * Ingestion points: Data is pulled from the TikTok API via TIKTOK_LIST_VIDEOS (video titles, metadata) and TIKTOK_GET_USER_PROFILE (user bios and account stats).
      * Boundary markers: There are no instructions to the agent to treat retrieved data as untrusted or to ignore embedded instructions.
      * Capability inventory: The skill has the ability to perform write operations and social actions, such as TIKTOK_PUBLISH_VIDEO and TIKTOK_POST_PHOTO.
      * Sanitization: The skill does not provide mechanisms to sanitize or validate retrieved content before it is processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 05:41 AM