seedance-v2

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill accepts external content through several parameters, which presents an attack surface for indirect prompt injection where instructions hidden in provided data could influence the agent.
  • Ingestion points: The materialUrl and materialFile fields in references/form-schema.json allow the ingestion of data from external websites and uploaded files.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the configuration files.
  • Capability inventory: The skill's primary capability is communicating with the vendor's API at ai-skills.ai using the provided Python runner.
  • Sanitization: There is no evidence of validation or filtering for the data ingested from external URLs or files.
  • [EXTERNAL_DOWNLOADS]: The Python runner script (scripts/run.py) performs outbound network requests to the domain ai-skills.ai to execute the business diagnosis logic.
  • [COMMAND_EXECUTION]: The skill provides a script scripts/run.py intended for execution in the user's environment to facilitate API communication.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:58 AM
Security Audit — agent-trust-hub — seedance-v2