jimeng-skill
Fail
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and executes the official Jimeng CLI installation script from 'jimeng.jianying.com' using a piped-to-shell pattern.
- [COMMAND_EXECUTION]: The skill instructs the agent to construct and run shell commands by interpolating unvalidated user inputs (such as '--prompt' and '--submit_id'). This lacks proper sanitization or escaping, making the system vulnerable to shell command injection if malicious inputs are provided.
- [EXTERNAL_DOWNLOADS]: Automates the download of files from arbitrary URLs provided in the tool's output using 'curl' without verifying the destination or content integrity.
- [PROMPT_INJECTION]: Demonstrates a vulnerability surface for indirect prompt injection.
  1. Ingestion points: Local text files (prompt.txt) and user-supplied task IDs.
  2. Boundary markers: No delimiters or isolation techniques are used for interpolated values.
  3. Capability inventory: Direct shell access, file reading ('cat'), and network requests ('curl').
  4. Sanitization: No sanitization or validation of the input content is performed before execution.
Recommendations
- HIGH: Downloads and executes remote code from: https://jimeng.jianying.com/cli - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata