douyin-video
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found in the skill documentation.
- Data Exposure & Exfiltration (SAFE): The skill uses environment variables for API keys, which is a standard security practice. No hardcoded credentials or sensitive file access patterns were detected.
- Obfuscation (SAFE): The content is clear and readable with no evidence of encoding, zero-width characters, or homoglyph attacks.
- Unverifiable Dependencies (SAFE): The skill relies on well-known Python packages (requests, ffmpeg-python) and standard system utilities (ffmpeg).
- Indirect Prompt Injection (LOW): 1. Ingestion points: The skill processes external Douyin video metadata and transcribes audio content. 2. Boundary markers: None specified in the documentation. 3. Capability inventory: Performs network requests, executes ffmpeg via subprocess, and writes to the local file system. 4. Sanitization: No specific sanitization of external video titles or transcripts is mentioned, posing a minor surface for indirect injection if the resulting text is used in downstream LLM reasoning.
Audit Metadata