seedance

Fail

Audited by Snyk on May 20, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). These links combine legitimate docs (inference.sh, raw.githubusercontent.com) with many ambiguous, nonstandard or placeholder direct-media domains (e.g., clip1.mp4, music.mp3, your-image.jpg) that could be attacker-controlled. There are no obvious official installer binaries, but downloading or executing unknown files from such ambiguous hosts is moderately high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly accepts arbitrary external URLs for reference_images, reference_videos, and reference_audios (e.g., examples using "https://character-portrait.jpg", "https://original-video.mp4", "https://music.mp3"), which the CLI will ingest. That content is used to guide/generate or edit videos, so untrusted third-party media could indirectly inject instructions or influence behavior.

Issues (2)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: May 20, 2026, 11:26 AM
Issues: 2