seedance-prompt
Fail
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill defines a workflow to install the 'Dreamina CLI' by executing
curl -fsSL https://jimeng.jianying.com/cli | bash. Piping a remote script to a shell is a high-risk pattern that allows a third-party server to execute arbitrary code on the host machine. - [COMMAND_EXECUTION]: The skill performs environment discovery by executing shell commands such as
which dreaminaanddreamina --versionto check for tool availability. - [COMMAND_EXECUTION]: The skill creates a command injection vulnerability by passing a generated English prompt (up to 2000 characters) and user-provided image paths as arguments to the
dreaminaCLI. This implementation lacks sanitization or boundary markers to prevent the execution of malicious shell metacharacters embedded in the generated text. - [EXTERNAL_DOWNLOADS]: The skill fetches an external script from
https://jimeng.jianying.com/clifor installation, which is a source not included in the trusted vendors list.
Recommendations
- HIGH: Downloads and executes remote code from: https://jimeng.jianying.com/cli - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata