seedance
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to upload local files (specifically screenshots of applications or websites) to external services in order to obtain public URLs. While it supports authenticated services, it also includes instructions for using anonymous public hosting such as `litterbox.catbox.moe`. Any sensitive information captured in a screenshot can therefore end up on the public internet with no authentication in front of it.
- [COMMAND_EXECUTION]: The skill relies extensively on shell commands: `curl` for API requests and file uploads/downloads, `cat` to write temporary JSON payloads, and inline Python (`python -c`) to parse JSON responses from the various APIs it calls.
- [EXTERNAL_DOWNLOADS]: The skill downloads external content, specifically the final generated video files, from remote storage servers (e.g., `fal.media`).
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from the web.
  - Ingestion points: Untrusted data enters the agent context through screenshots of arbitrary websites and through metadata scraped from the iTunes App Store API.
  - Boundary markers: Absent. There are no delimiters or instructions telling the agent to distinguish its own logic from instructions that may be embedded in the screenshotted content or the scraped metadata.
  - Capability inventory: The skill can perform network requests (`curl`), capture screenshots (playwright), and execute shell and Python commands.
  - Sanitization: Absent. The skill does not validate or escape the ingested external content before using it to construct prompts for the video generation model.
Audit Metadata