keyapi-tiktok-content-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls KeyAPI MCP tools (e.g., get_video_comments, search_videos, get_video_detail) via the MCP server at https://mcp.keyapi.ai and the scripts/run.js runner and SKILL.md show it ingests TikTok user-generated content (comments, captions, posts) which the agent reads and uses to drive analysis and follow-up actions, exposing it to untrusted third‑party content that could contain injected instructions.