douyin-viral-script

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly downloads public, user-generated Douyin videos using scripts/download_douyin.py (yt-dlp) and then feeds those videos into scripts/analyze_video.py / Gemini and reads the resulting analysis files (analysis-*.md) as part of its workflow, which clearly ingests untrusted third‑party content that could carry indirect prompt injections.