douyin-downloader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the script's parseShareUrl and httpRequest functions fetch and parse public Douyin pages (e.g., requests to https://www.douyin.com/aweme/... and pageContent parsing in douyin.js) to extract video URLs and metadata that directly drive downloads, audio extraction, and transcription, exposing the agent to untrusted, user-generated third-party content.