seedance-2

Pass

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill provides a standard interface for interacting with the Higgsfield MCP video generation service. All external interactions are conducted through managed MCP tools or standard CLI utilities.
  • [COMMAND_EXECUTION]: The skill utilizes several CLI tools to facilitate its workflow:
  • Prompt Helper: Executes a local Python script scripts/prompt_tools.py to format and reframe video prompts.
  • Media Management: Employs curl for uploading reference media to transient URLs provided by the MCP server and for downloading generated video results.
  • OCR and Processing: Recommends the use of tesseract and ffmpeg for automating the extraction and cropping of text regions from storyboard panels to ensure high-fidelity text rendering in the output video.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection (Category 8) as it interpolates user-supplied text and audio transcripts into the final generation prompt.
  • Ingestion points: User prompts, audio transcripts, and external prompt files processed by scripts/prompt_tools.py.
  • Boundary markers: Absent. The helper script appends reference clauses directly to the prompt body.
  • Capability inventory: Access to the generate_video MCP tool and file-system read/write via curl.
  • Sanitization: No explicit sanitization or escaping of the user-provided content is performed by the helper script before interpolation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 10, 2026, 01:40 AM