douyin-hot-trend

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scripts (scripts/douyin.js and scripts/douyin-with-cover.js) directly fetch and parse data from the public Douyin web API (www.douyin.com) and the cron-job/get-hot-trend workflows use that untrusted, user-generated social-media content to determine and format messages that are sent (e.g., to Telegram), so third-party content is ingested and can influence subsequent actions.