Skills
skills/sickn33/antigravity-awesome-skills/tiktok-automation/Gen Agent Trust Hub

tiktok-automation

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires users to configure an external MCP server endpoint (https://rube.app/mcp) to access the necessary TikTok automation tools.
  • [DATA_EXFILTRATION]: The skill manages sensitive account information, including user profiles, statistics, and video content, which is processed through the external Rube MCP service via tools like RUBE_MANAGE_CONNECTIONS and TIKTOK_GET_USER_PROFILE.
  • [PROMPT_INJECTION]: The skill processes untrusted metadata from external TikTok records, which presents a surface for indirect prompt injection.
  • Ingestion points: Fetches video metadata and titles from TikTok through the TIKTOK_LIST_VIDEOS tool.
  • Boundary markers: Lacks explicit delimiters or instructions to treat retrieved external data as untrusted content.
  • Capability inventory: The agent possesses high-privilege capabilities including TIKTOK_PUBLISH_VIDEO and TIKTOK_POST_PHOTO, which could be misused if malicious content is processed.
  • Sanitization: No evidence of data validation or sanitization is provided for the metadata retrieved from the TikTok API.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 02:43 AM