tiktok-music-archive-downloader

Warn

Audited by Snyk on May 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly downloads arbitrary public TikTok posts listed in the manifest (see SKILL.md manifest example "sourceUrl": "https://www.tiktok.com/@user/video/123") and the bundled script download_videos_from_manifest_with_ytdlp.mjs calls yt_dlp to fetch and ingest those user-generated videos/audio as part of the required workflow, exposing the agent to untrusted third-party content that could carry indirect instructions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 04:52 PM
Issues
1
Security Audit — snyk — tiktok-music-archive-downloader