tiktok-collection-scraper

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill scrapes untrusted data from TikTok, which could contain malicious instructions designed to influence an agent processing the tool's output.
  • Ingestion points: scripts/scrape_collections.py ingests untrusted text from TikTok web responses via get_items() (video descriptions) and get_collections() (collection names).
  • Boundary markers: Absent. The JSON output does not use delimiters or provide 'ignore embedded instructions' warnings for downstream LLM consumption.
  • Capability inventory: The skill possesses network read capabilities (TikTok API) and file write capabilities (outputting results to local JSON files).
  • Sanitization: No sanitization, escaping, or filtering is performed on the scraped metadata before it is returned in the result object.
  • Data Exposure (LOW): The skill allows the user to provide a local cookie file for authenticated requests. While this is necessary for the intended purpose of scraping private collections, users should be aware that the script will read and transmit these session credentials to tiktok.com.
  • Unverifiable Dependencies (SAFE): The skill requires curl_cffi, which is a standard and well-known library for impersonating browser TLS fingerprints. It does not attempt to install unknown or malicious packages.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:34 PM