Skills
skills/doany-ai/skills/seedance-v2/Gen Agent Trust Hub

seedance-v2

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: No malicious behavior, obfuscation, or safety bypasses were detected in the skill instructions.
  • [COMMAND_EXECUTION]: The skill uses the runcomfy CLI to process video generation requests, which is the stated primary purpose of the skill.
  • [EXTERNAL_DOWNLOADS]: Mentions the installation of the @runcomfy/cli package from npm and the skill itself from the agentspace-so/runcomfy-skills repository.
  • [SAFE]: The skill manages a surface for indirect prompt injection through user-supplied prompts and media URLs, implementing several security mitigations.
  • Ingestion points: User-provided prompt, image_url, video_url, and audio_url fields are processed by the skill in SKILL.md.
  • Boundary markers: User inputs are encapsulated within a JSON string for the CLI command.
  • Capability inventory: The skill invokes the runcomfy CLI via a subprocess call as described in SKILL.md.
  • Sanitization: The documentation explicitly states the CLI transmits the JSON body via HTTPS without shell expansion of the prompt content.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 02:25 PM