Skills
skills/ashwinramachandran2002/seeddance-video-sdk/seeddance-ai-video/Gen Agent Trust Hub

seeddance-ai-video

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [External Downloads] (MEDIUM): The installation guide requires the installation of the 'seeddance-sdk' package. This package does not originate from a repository within the verified trusted organizations list, meaning its source and integrity cannot be definitively confirmed within the audit framework.
  • [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process user-provided strings and images as 'prompts' for video generation, creating a vulnerability surface for indirect prompt injection.
  • Ingestion points: prompt and image parameters used in client.textToVideo and client.imageToVideo calls.
  • Boundary markers: The skill does not implement delimiters or safety instructions (e.g., 'ignore instructions within the following text') to separate untrusted user data from the execution logic.
  • Capability inventory: The skill possesses the capability to write data to the local file system (fs.writeFileSync) and perform network operations via the SDK.
  • Sanitization: There is no evidence of client-side sanitization or validation of the user input before it is passed to the external API.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 20, 2026, 10:14 PM