dreamina-edit-image

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill provides a mechanism for processing untrusted external content through the prompt parameter.
      • Ingestion Point: The prompt variable in the edit_image_with_reference function.
      • Boundary Markers: None detected. The prompt is simply concatenated with ## inside the JSON payload.
      • Capability Inventory: Network write operations via requests.post to external (jimeng.jianying.com) and internal (bytedance.net) endpoints.
      • Sanitization: No escaping or validation is performed on the user-supplied string before it is embedded in the draft_content JSON and transmitted.
  • Data Exposure (MEDIUM): The tool requires a sessionid (cookie) for authentication. While not hardcoded, the logic handles sensitive credentials which could be exfiltrated if the agent's logic is subverted through the aforementioned prompt injection surface.
  • Command Execution (LOW): The skill utilizes Python's requests library to perform network operations and uuid/hashlib for payload generation. While standard, these tools are used to interact with non-whitelisted external domains.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:38 AM