seedance-v2
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill accepts external content through several parameters, which presents an attack surface for indirect prompt injection where instructions hidden in provided data could influence the agent.
- Ingestion points: The
materialUrlandmaterialFilefields inreferences/form-schema.jsonallow the ingestion of data from external websites and uploaded files. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the configuration files.
- Capability inventory: The skill's primary capability is communicating with the vendor's API at
ai-skills.aiusing the provided Python runner. - Sanitization: There is no evidence of validation or filtering for the data ingested from external URLs or files.
- [EXTERNAL_DOWNLOADS]: The Python runner script (
scripts/run.py) performs outbound network requests to the domainai-skills.aito execute the business diagnosis logic. - [COMMAND_EXECUTION]: The skill provides a script
scripts/run.pyintended for execution in the user's environment to facilitate API communication.
Audit Metadata