uni-vision-engine

The skill contains a hardcoded session token in `scripts/generate.js` and uses `execSync` to dynamically install the `form-data` NPM package at runtime, which is a risky practice. While the behavior aligns with the stated purpose of interfacing with a local Docker-based video generation API (localhost:5100), the inclusion of hardcoded credentials and the use of shell execution for dependency management are significant security vulnerabilities.