aigc-director
Fail
Audited by Snyk on May 17, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The codebase contains multiple high-risk, easily abused patterns: unauthenticated HTTP APIs bound to 0.0.0.0, static mounting of local result files, unvalidated artifact patching that accepts arbitrary filesystem paths, image/video clients that read local files and upload or encode them to external model providers, and a hardcoded external Gemini base_url. Together these enable straightforward exfiltration of local files and secrets and remote data leakage. There is no obvious obfuscated backdoor or eval-based RCE, but these design choices create a practical backdoor for exfiltration and remote access if an attacker can reach the API.
Issues (1)
E006
CRITICAL Malicious code pattern detected in skill scripts.
Audit Metadata