douyin-video-fetch
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill runs a localized Python script to facilitate browser automation and file management.
- [EXTERNAL_DOWNLOADS]: Retrieves video data and JSON metadata from Douyin's official domains. It utilizes the playwright library to manage browser-based interactions.
- [DATA_EXFILTRATION]: Saves video files to local storage. While the output path is configurable via the --output argument, the script primarily targets the temporary directory (/tmp).
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external content from the internet:
- Ingestion points: fetch_detail in scripts/fetch_douyin_video.py ingests data from Douyin's web pages and API endpoints.
- Boundary markers: None identified; untrusted content is not delimited.
- Capability inventory: The skill includes file writing (download_video) and network request (urllib, playwright) capabilities.
- Sanitization: The script performs no sanitization on the metadata (e.g., video descriptions) extracted from external sources before outputting it.
Audit Metadata