tiktok-marketing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly calls TikTok's Content Posting API (e.g., fetches from https://open.tiktokapis.com/v2/video/list/ and other /v2/... endpoints in the "Query Videos & Analytics" and API examples), which ingests user-generated/untrusted videos, comments, and analytics that the agent is expected to read and use to drive posting and growth decisions, so third-party content could indirectly inject actionable instructions.