tikhub-api-helper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly requires calling TikHub APIs (via api_client.py to endpoints on https://api.tikhub.io / https://api.tikhub.dev, e.g., fetch_post_comment, fetch_user_profile) to retrieve social‑media posts/comments (user‑generated, untrusted content) which the agent is expected to read/format and thus could materially influence subsequent decisions or actions.