douyin-subscribe
Warn
Audited by Snyk on Jun 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Runtime path:
scripts/subscribe.py fetch calls the Douyin API (requests.post to https://redfox.hk/story/api/dyData/searchWorkList) and then injects returned fields like title, accountName, and workUrl into generated Markdown/HTML; these fields are outsider-authored content from third-party accounts (not the operating user) and become LLM-readable text via print_markdown_table() and generate_summary().
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill requires the agent to create, update and delete persistent automated tasks (via automation_update and daily scheduled commands that embed account IDs), which modifies the host's automation state and therefore changes the machine state (even though it doesn't request sudo or create users).
MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
- Hidden Unicode characters detected (1 type(s) found)
Issues (3)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W013
MEDIUM Attempt to modify system services in skill instructions.
W021
MEDIUM Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
Audit Metadata