tiktok-music-archive-downloader
Warn
Audited by Snyk on May 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill explicitly downloads arbitrary public TikTok posts listed in the manifest (see SKILL.md manifest example "sourceUrl": "https://www.tiktok.com/@user/video/123") and the bundled script download_videos_from_manifest_with_ytdlp.mjs calls yt_dlp to fetch and ingest those user-generated videos/audio as part of the required workflow, exposing the agent to untrusted third-party content that could carry indirect instructions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata