dreamina-video-multi-frame

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The example requires passing a user sessionid directly into the HTTP Cookie header (Cookie: sessionid=...), which forces the agent to accept and embed a secret/token verbatim into requests or generated code, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill accepts user-supplied image_uri_list (arbitrary image URLs) and prompt_list which are sent to the external AIGC endpoint (https://jimeng.jianying.com/mweb/v1/aigc_draft/generate), so untrusted public/user-generated content from arbitrary URLs will be ingested as part of the generation workflow.