douyin-kol-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly queries Douyin (social media) KOL data — see providerConfig endpoint "/api/v1/douyin/xingtu/search_kol_v2" in references/skill.json and the SKILL.md description that it returns Douyin creator (KOL) lists — meaning the agent consumes untrusted, user-generated third‑party content that could influence recommendations.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The provided runner (scripts/run.py) makes a runtime POST to the external endpoint https://ai-skills.ai/api/execute (default AISKILLS_BASE_URL) to execute the skill remotely, so the external server's responses directly control the skill execution and results, and the skill requires that endpoint to run.