Seedance 2 Prompt Engineering Video Gen

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed WeryAI video-generation skill with paid network actions and optional image upload, but the artifacts describe those behaviors clearly and keep them aligned to the stated purpose.

Install only if you are comfortable using a WeryAI API key for paid video generation. Review the full prompt and parameters before approving a run, prefer public HTTPS image URLs, and do not provide local image paths unless you explicitly want the file read and uploaded to WeryAI.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 92% confidence
Finding: The skill claims strong safety controls such as explicit pre-submit confirmation and constrained behavior, but the referenced implementation reportedly supports broader actions including local file upload, polling/wait, and generic CLI operations that are not faithfully represented in the description. That mismatch is dangerous because users and downstream agents may trust the documented guardrails and trigger paid network actions or exfiltrate local images under false assumptions about what the tool will actually do.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal