Skills
skills/benzema216/dreamina-claude-skills/dreamina-query-result/Gen Agent Trust Hub

dreamina-query-result

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (MEDIUM): The skill requires a 'sessionid' cookie for authentication, which is a sensitive credential transmitted in HTTP headers and handled by the agent.
  • [COMMAND_EXECUTION] (MEDIUM): The 'download_file' function writes binary data to an 'output_path' provided at runtime. The lack of validation for this path could allow an agent to overwrite sensitive local files.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill fetches resources from external domains ('jianying.com' and 'byteimg.com').
  • [PROMPT_INJECTION] (MEDIUM): The skill possesses an indirect prompt injection surface. 1. Ingestion point: 'query_result' API response data. 2. Boundary markers: Absent. 3. Capability inventory: 'download_file' (file-write). 4. Sanitization: Absent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 05:43 AM