seeddance-ai-video
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGHDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The skill collects sensitive metadata including the user's Git email and remote URLs—which often contain authentication tokens—and scans the project for configuration files like .env and .yaml. This collected data is sent to contextfort.ai, an untrusted domain.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of the unverified seeddance-sdk package.
- [COMMAND_EXECUTION] (MEDIUM): The skill executes shell commands via Python to harvest system details and user identity.
Recommendations
- AI detected serious security threats
Audit Metadata