seedance

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill instructions in 'SKILL.md' and 'README.md' direct the agent to execute a local shell script ('skills.sh') that is not included in the provided file set. This makes the primary execution logic and parameter handling behavior completely unverifiable and high-risk.
  • PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8).
      • Ingestion points: The '--prompt' and '--image' arguments are entry points for untrusted user-controlled content.
      • Boundary markers: The instructions rely solely on shell quoting, which is insufficient to prevent adversarial instruction injection.
      • Capability inventory: The skill (via 'skills.sh') executes bash commands, makes network API requests to BytePlus, and writes files to the local system.
      • Sanitization: No sanitization or validation logic is present in the provided files.
  • CREDENTIALS_UNSAFE (HIGH): The skill is explicitly designed to read the '.env' file in the project root to load the 'ARK_API_KEY'. Accessing sensitive environment files is a high-risk pattern that exposes credentials to the skill's logic.
  • EXTERNAL_DOWNLOADS (MEDIUM): The README.md specifies that the skill automatically installs the 'byteplus-python-sdk-v2' Python package on first run. Runtime installation of dependencies from an unverified source (potatoman03), performed by a script that is not provided, is a supply chain risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:19 AM