jkvideo-bilibili-react-native

Warn

Audited by Snyk on Mar 25, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill directly ingests untrusted, user-generated content. For example, it fetches danmaku XML from /x/v1/dm/list.so (hooks/useDanmaku.ts), receives live chat over wss://broadcastlv.chat.bilibili.com/sub (hooks/useLiveDanmaku.ts), and loads public Bilibili pages in a WebView fallback (components/VideoPlayer.tsx). All of these are runtime third-party sources that the agent parses or displays and that could influence its behavior.

Issues (1)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 25, 2026, 01:41 AM
Issues: 1