tikhub-api-helper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's api_client.py makes HTTP requests to TikHub's public APIs (e.g., https://api.tikhub.io and https://api.tikhub.dev) and the SKILL.md shows endpoints like fetch_post_comment and fetch_user_profile that return social-media posts/comments (user-generated content), so the agent will fetch and read untrusted third-party content as part of its workflow.