dreamina-video-first-frame
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill processes untrusted input through the 'prompt' parameter and transmits it to an external API, creating a vulnerability to indirect prompt injection. * Ingestion points: 'prompt' and 'image_uri' parameters in the 'image_to_video' function (SKILL.md). * Boundary markers: None; user input is string-interpolated directly into a JSON request structure. * Capability inventory: Outbound network calls via 'requests.post' to jimeng.jianying.com, carrying sensitive session cookies. * Sanitization: None; no filtering or escaping is applied to the input.
- Data Exposure & Exfiltration (LOW): The skill performs network requests to a non-whitelisted third-party domain and handles sensitive session tokens. * Evidence: Network operations targeting 'https://jimeng.jianying.com'. * Context: The skill utilizes a 'sessionid' cookie provided by the user to authenticate with the external service.
Audit Metadata