tikhub-api-helper
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The api_client.py file contains a hardcoded API credential assigned to DEFAULT_TOKEN. This token is used to authenticate requests to the TikHub API, posing a risk of unauthorized access or credential leak.
- [DATA_EXFILTRATION]: The _build_url method in api_client.py contains logic that returns the path directly if it starts with 'http'. This allows the client to make network requests to arbitrary external URLs, bypassing the intended TikHub API domains. This capability can be misused to exfiltrate information to attacker-controlled servers.
- [COMMAND_EXECUTION]: The skill relies on executing local Python scripts (api_searcher.py and api_client.py) via the command line to interact with the API and search documentation. While these are part of the skill, it involves spawning subprocesses with parameters derived from user queries.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. It retrieves data from external social media platforms (TikTok, Instagram, YouTube, etc.) and presents it to the agent. Malicious content within the fetched social media data could potentially contain instructions aimed at manipulating the agent's behavior.
- Ingestion points: API responses fetched via api_client.py and the openapi.json file processed by api_searcher.py.
- Boundary markers: None identified; the agent is not instructed to treat API results as untrusted data.
- Capability inventory: Network access through urllib.request and local script execution.
- Sanitization: The skill does not perform sanitization or filtering of the content retrieved from external APIs before displaying it to the agent.
Recommendations
- AI detected serious security threats
Audit Metadata