Skills
skills/tfcbot/agent-video-team/researcher/Gen Agent Trust Hub

researcher

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill performs network requests to external API endpoints including api.scrapecreators.com and api.vidjutsu.ai to fetch social media data and perform video analysis. These domains are not on the standard whitelist, though they are necessary for the skill's documented functionality.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the ingestion and processing of untrusted external content.
  • Ingestion points: The skill retrieves Instagram comments via the /v2/instagram/post/comments endpoint and TikTok transcripts via the /v2/tiktok/video endpoint in SKILL.md.
  • Boundary markers: There are no identified delimiters or specific instructions provided to the agent to disregard instructions embedded within the fetched comments or transcripts.
  • Capability inventory: The skill has the capability to perform network requests (POST) to external APIs and present aggregated data to the user.
  • Sanitization: No sanitization, escaping, or validation logic is specified for the data retrieved from external social media platforms before it is analyzed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 01:53 AM