douyin-batch-download

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and scrapes user-generated content from public Douyin pages/APIs (see scripts/download-v2.py, scripts/extract-metadata.py, scripts/manage-following.py and scripts/login.py and the SKILL.md usage instructions which call https://www.douyin.com user pages), and that fetched content (aweme_list, profile JSON-LD, nicknames/descriptions) is parsed and used to decide what to download, how to name folders, and to update following.json—so untrusted third-party data can influence the agent's actions.