manga-drama

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It accepts untrusted user input (the 'theme' and 'character' descriptions) and interpolates it into the final prompt sent to the video generation model.
    • Ingestion points: The theme argument in scripts/manga_drama.py and the prompt field in the script JSON.
    • Boundary markers: None. Input is concatenated directly (e.g., prompt = f"{theme}主题,{prompt}").
    • Capability inventory: The skill has the ability to make network requests (urllib), write to the filesystem (open), and execute system commands (subprocess).
    • Sanitization: No validation or escaping is performed on the user-provided theme or character description before prompt construction.
  • [COMMAND_EXECUTION]: The script scripts/seedance_video.py uses subprocess.run to call the curl command for downloading video files. While it uses a list-based argument structure to mitigate shell injection, downloading files from URLs returned by an external API is a security risk if the API response is compromised or intercepted.
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from the Volcengine API (ark.cn-beijing.volces.com). While this is a well-known service, the implementation explicitly disables SSL certificate verification by setting ssl.CERT_NONE in scripts/seedance_video.py. This best-practice violation allows for potential interception or modification of data (including API keys and video content) by a malicious actor on the network.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 05:35 AM