douyin-download

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The parse-douyin.py script explicitly fetches and parses the public share page at https://www.iesdouyin.com/share/video/{video_id} (extracting window._ROUTER_DATA and fields like video_url and desc) and then uses that untrusted, third‑party content to decide what to download and how to name/upload the file, so external page content can influence agent actions.