douyin-downloader
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external websites based on user input.
  - Ingestion points: The `scripts/parse_douyin.py` script extracts URLs from user-provided share text and fetches content from them.
  - Boundary markers: The skill does not use delimiters or instructions to ignore embedded commands within the fetched HTML or metadata.
  - Capability inventory: The skill includes file writing (`scripts/download_video.py`) and network operations (`scripts/parse_douyin.py`, `scripts/transcribe_audio.py`).
  - Sanitization: There is no sanitization of natural language instructions that might be embedded in video titles or descriptions, although filenames are sanitized in `scripts/parse_douyin.py`.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to download video content and access transcription APIs.
  - Fetches data from Douyin domains including `v.douyin.com` and `iesdouyin.com`.
  - Communicates with Volcano Engine (Bytedance) at `openspeech.bytedance.com` for ASR services.
- [COMMAND_EXECUTION]: The skill uses Python scripts to perform local file system operations.
  - The `scripts/download_video.py` script writes binary video data to an arbitrary file path provided via command-line arguments.
Audit Metadata