jimeng-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs using the dreamina CLI which calls the jimeng service (e.g., the SKILL.md steps for dreamina query_result that return task status and a download URL, and the curl install from https://jimeng.jianying.com/cli), and the agent is expected to extract and act on those third-party-provided values (download URLs/status) — untrusted remote/user-generated content that can directly influence subsequent tool use (downloads/commands).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs at runtime to run curl -fsSL https://jimeng.jianying.com/cli | bash, which fetches and immediately executes remote code (the CLI installer) and is presented as a required dependency, so this URL is a high-risk runtime external dependency.