bilibili-downloader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The script calls public Bilibili APIs (see getVideoInfo using https://api.bilibili.com/x/web-interface/view and getVideoPlayurl using https://api.bilibili.com/x/player/playurl) and directly consumes playData.dash.video[].baseUrl and related API fields (user-generated/public content) to determine which external URLs to download, so untrusted third-party content is read and materially drives subsequent network actions.