seedance-2-0

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bun runtime to execute a TypeScript-based CLI tool (seedance2.0.ts) that processes user arguments and interacts with the file system.
  • [EXTERNAL_DOWNLOADS]: Automatically downloads generated video files from ByteDance's official cloud storage to the local workspace upon task completion.
  • [DATA_EXFILTRATION]: Transmits user-provided prompts and media URLs to ByteDance's Volcengine API endpoints (ark.cn-beijing.volces.com) for processing. This is the intended functionality of the skill and utilizes a user-provided API key.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8).
      • Ingestion points: User-supplied video prompts and reference media URLs (images, videos, audio) entered via CLI arguments and processed in seedance2.0.ts.
      • Boundary markers: Absent; inputs are directly embedded into the JSON payload sent to the external AI model.
      • Capability inventory: The script has the capability to perform network requests (fetch) and write files to the local disk (fs.writeFileSync).
      • Sanitization: No input validation or sanitization is performed on the prompt text or media URLs before they are passed to the downstream API.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 02:29 PM