Skills
skills/skillatlas/skills/scrapesocial-tiktok/Gen Agent Trust Hub

scrapesocial-tiktok

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the user to install the 'scrapesocial' package globally via npm. This CLI tool is a vendor resource provided by the skill author.
  • [PROMPT_INJECTION]: The skill processes untrusted content from TikTok, including transcripts and comments, which could contain indirect prompt injection attacks.
  • Ingestion points: Data such as TikTok video transcripts and audience comments are retrieved for analysis.
  • Boundary markers: The skill lacks explicit boundary markers or instructions to treat the retrieved content as untrusted.
  • Capability inventory: The skill is used to fetch and summarize data; malicious instructions embedded in TikTok content could attempt to influence the agent's summary or subsequent actions.
  • Sanitization: There is no evidence of content sanitization or validation performed on the external data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 04:32 PM