ai-short-drama
Pass
Audited by Gen Agent Trust Hub on Jun 7, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Python's `subprocess.run` function in `scripts/生成分镜图.py` and `scripts/生成分集视频.py` to execute commands for the Dreamina CLI tool. The implementation uses list-based argument passing (e.g., `cmd = ['dreamina', 'text2image', ... ]`), which is a security best practice that prevents shell injection attacks.
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions to install the Dreamina CLI tool via `curl -fsSL https://jimeng.jianying.com/cli | bash`. This domain belongs to Jianying (ByteDance), a well-known video editing service. According to security guidelines, downloads from well-known technology services are considered safe.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests user-defined scripts and project metadata from local Markdown and JSON files to construct prompts for AI generation. While this presents an indirect prompt injection surface, the risk is minimal as the skill operates on local files within the user's project workspace and applies structured templates to the data.
- [CREDENTIALS_UNSAFE]: The skill documentation correctly identifies that credentials for the CLI tool are stored locally in the user's home directory (`~/.dreamina_cli/credential.json`) and explicitly warns the user to exclude this file from version control systems like Git.
Audit Metadata