seedance-video-creator

Fail

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The configuration file .claude/settings.local.json contains a hardcoded authentication token (284a87a1fb9b589bf7927a9b2cd50321) within its command permission history.
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct users to download and execute a Docker image from an unverified third-party repository (wwwzhouhui569/jimeng-free-api-all:latest). The skill also performs runtime downloads of generated image and video files from remote servers.
  • [COMMAND_EXECUTION]: The skill executes a custom bash script (scripts/generate_video.sh) and various shell utilities (curl, docker, jq) with parameters derived from user input or AI-generated prompts.
  • [DATA_EXFILTRATION]: The generate_video.sh script is vulnerable to arbitrary file disclosure. It passes the PROMPT variable directly to curl -F (multipart/form-data). Because curl treats the @ prefix as a file-reading instruction, a malicious prompt could trigger the reading and transmission of sensitive local files (e.g., ~/.ssh/id_rsa or /etc/passwd) to the configured API URL.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted user creative ideas to generate prompts used in sensitive shell commands. The absence of sanitization for the @ control character in the curl command creates an attack surface for data exfiltration.
      • Ingestion points: Creative story descriptions in natural language in SKILL.md.
      • Boundary markers: Absent.
      • Capability inventory: Uses curl to send data to remote APIs in scripts/generate_video.sh.
      • Sanitization: Absent for shell control characters in multipart form fields.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 22, 2026, 04:46 PM