seedance-video-creator

Fail

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The file .claude/settings.local.json contains several instances of a hardcoded Bearer token (284a87a1fb9b589bf7927a9b2cd50321) within its permission strings. This exposes a sensitive Session ID that could be used to impersonate the user on the third-party service.
  • EXTERNAL_DOWNLOADS (HIGH): The README.md and setup instructions direct users to pull and run a Docker image from an untrusted repository (wwwzhouhui569/jimeng-free-api-all:latest). Executing code from unknown third-party maintainers is a high-risk activity that can lead to system compromise.
  • COMMAND_EXECUTION (HIGH): The skill's configuration in .claude/settings.local.json pre-authorizes dangerous system commands including systemctl, chmod, pkill, and kill. This significantly escalates the agent's privilege, allowing it to modify system services and file permissions without manual oversight.
  • DATA_EXFILTRATION (MEDIUM): The generate_video.sh script sends user-provided data and authentication tokens to an untrusted external domain (https://jimeng.duckcloud.fun). This poses a risk of session hijacking or data theft by the third-party proxy provider.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill has an attack surface for indirect prompt injection as it processes untrusted user input to generate video prompts.
      • Ingestion points: User-provided --prompt and --image-prompt arguments in generate_video.sh.
      • Boundary markers: Absent; the script does not wrap user input in delimiters or instructions to ignore embedded commands.
      • Capability inventory: The script has curl network access and mkdir file-write capabilities.
      • Sanitization: Partial; the script uses jq to escape the JSON body for images, but interpolates other fields directly into shell command arguments.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 22, 2026, 07:11 PM