douyin-downloader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's parse_douyin.py and SKILL.md explicitly follow user-supplied Douyin share links, perform HTTP requests (requests.get) to public URLs (short links and https://www.iesdouyin.com/share/video/...), extract and JSON-parse untrusted page content (window._ROUTER_DATA) and then use that parsed data to construct download URLs and filenames that drive subsequent downloads, so third-party content directly influences agent actions.