douyin-video

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and scrapes public Douyin (iesdouyin.com) share pages (parse_share_url calls requests.get on the share URL and the derived https://www.iesdouyin.com/share/video/...), downloads user-generated video/audio content, and transcribes that audio via a third‑party Siliconflow API, so it clearly ingests untrusted public user-generated content as part of its workflow.