douyin-share-info

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required runtime behavior (SKILL.md and scripts/main.ts) calls the external TikHub Web API (https://api.tikhub.io/api/v1/douyin/web/fetch_one_video_by_share_url via fetchByShareUrl) to ingest user-generated Douyin data and then parses those returned fields (descriptions, cover/audio/video URLs) which can materially influence subsequent outputs/actions, exposing the agent to untrusted third-party content that could carry indirect prompt injections.