dreamina-gen-image
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill makes outbound HTTP POST requests to jimeng.jianying.com and an internal ByteDance domain bytedance.net. Neither domain is on the trusted whitelist.
- DATA_EXFILTRATION (MEDIUM): The functions generate_image and query_result take a sessionid as an argument and transmit it as a cookie to external endpoints. This pattern creates a sink for sensitive authentication data.
- PROMPT_INJECTION (MEDIUM): This skill is vulnerable to Indirect Prompt Injection (Category 8). Evidence: 1. Ingestion points: The 'prompt' parameter in the generate_image function. 2. Boundary markers: Absent. The user-provided prompt is directly embedded into the JSON payload without delimiters or 'ignore' instructions. 3. Capability inventory: Network operations via requests.post to external and internal domains. 4. Sanitization: Absent. No filtering or escaping of the prompt string occurs before transmission.
- COMMAND_EXECUTION (LOW): The generate_sign function uses a custom signing algorithm with hardcoded parameters (e.g., '9e2c'). While used for API compatibility, this reverse-engineered logic represents non-standard behavior.
Audit Metadata