seedance-auto-generate
Warn
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the 'cp' shell command to move local files between directories, which involves direct interaction with the host system and potential access to sensitive locations like the Downloads folder.
- [DATA_EXFILTRATION]: Local user images are accessed and uploaded to the external domain 'higgsfield.ai' as part of the video generation workflow. While this is the primary function, it facilitates the transfer of local data to a remote platform.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes user-provided text prompts and image files without sanitization or boundary markers.
- Ingestion points: User-supplied image paths and text prompts (documented in Steps 0 and 9).
- Boundary markers: Absent; user inputs are directly interpolated into commands and form fields without delimiters.
- Capability inventory: Shell execution ('cp') and browser automation via Playwright (navigation, file upload, form interaction).
- Sanitization: Absent; there is no validation or escaping of external content before it is used by tools.
Audit Metadata