tikhub-api-helper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly directs the agent to search and call TikHub API endpoints (e.g., /api/v1/tiktok/web/fetch_post_comment, fetch_user_profile) and api_client.py makes live HTTP requests to api.tikhub.io/api.tikhub.dev to retrieve social-media posts/comments (user-generated, untrusted) which the agent is expected to read and use to decide next actions, exposing it to indirect prompt injection.