The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill processes user-provided text prompts ('text_prompt') and external file inputs (image/video) which are sent to the Alibaba Wan 2.6 models.
Ingestion points: text_prompt, input_image, and input_video fields in the input JSON.
Boundary markers: None detected in the documentation; instructions are passed directly to the model.
Capability inventory: The skill has no local execution capabilities. All actions (run, upload, download) are performed via the refly CLI, which interfaces with a remote workflow.
Sanitization: No sanitization is performed on the user prompt before it is passed to the generation model. An attacker could attempt to embed instructions in the prompt to bypass model safety filters (e.g., generating prohibited content), but this would not affect the local host's security.
[Remote Code Execution] (SAFE): The skill documentation provides shell examples using the refly CLI. These are intended for user reference and do not contain automated scripts that execute remote payloads or untrusted code.
[Data Exfiltration] (SAFE): While the skill manages file uploads and downloads, these operations are directed to the platform's official storage (refly.ai) via the authenticated CLI tool. No unauthorized network operations or exfiltration patterns were detected.

wan-video