douyin
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires 'nodriver-kit' from the 'anthropics' GitHub organization. As this is a trusted organization defined in the [TRUST-SCOPE-RULE], the dependency itself is considered LOW risk.
- [COMMAND_EXECUTION] (LOW): The skill executes local Python scripts and initiates browser automation processes to interact with the Douyin platform.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it retrieves and displays untrusted content from the internet.
- Ingestion points: The script 'scripts/download.py' ingests data from Douyin URLs, page HTML, and JSON API responses.
- Boundary markers: No delimiters or 'ignore' instructions are present to prevent the LLM from obeying instructions embedded in video metadata.
- Capability inventory: The skill possesses file-writing capabilities (to save videos), network access (via requests), and browser control (via nodriver-kit).
- Sanitization: External content like video titles and descriptions is extracted and returned to the agent without sanitization, which could allow an attacker to place instructions in a video title that influence the agent's subsequent behavior.
Audit Metadata