seedance-2
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides a standard interface for interacting with the Higgsfield MCP video generation service. All external interactions are conducted through managed MCP tools or standard CLI utilities.
- [COMMAND_EXECUTION]: The skill utilizes several CLI tools to facilitate its workflow:
- Prompt Helper: Executes a local Python script
scripts/prompt_tools.pyto format and reframe video prompts. - Media Management: Employs
curlfor uploading reference media to transient URLs provided by the MCP server and for downloading generated video results. - OCR and Processing: Recommends the use of
tesseractandffmpegfor automating the extraction and cropping of text regions from storyboard panels to ensure high-fidelity text rendering in the output video. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection (Category 8) as it interpolates user-supplied text and audio transcripts into the final generation prompt.
- Ingestion points: User prompts, audio transcripts, and external prompt files processed by
scripts/prompt_tools.py. - Boundary markers: Absent. The helper script appends reference clauses directly to the prompt body.
- Capability inventory: Access to the
generate_videoMCP tool and file-system read/write viacurl. - Sanitization: No explicit sanitization or escaping of the user-provided content is performed by the helper script before interpolation.
Audit Metadata