tiktok-app-marketing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs storing API keys and webhook URLs directly in a config file (e.g., imageGen.apiKey, revenuecat.v2SecretKey, discord.webhookUrl) and shows commands/examples that embed secret values, which requires the agent to accept and write secrets verbatim into outputs/files — an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to browse and scrape public third‑party sources (Phase 2 "Competitor Research" in SKILL.md and scripts like scripts/scrape-tiktok-analytics.js) — pulling untrusted, user‑generated TikTok/App Store content that the agent must read and which directly informs hook generation, posting/CTA decisions, and analytics-driven actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt repeatedly instructs the agent to verify and install system-level dependencies (e.g., Node.js, native libs for node-canvas) and to run sudo apt-get commands and set up cron jobs and environment variables, which modify the host system and can require elevated (sudo) privileges—so it does push the agent to change machine state.