Doubao Image Generation Skill

Shell command execution function detected

exec(

The skill explicitly uses `exec(command="sleep 15")` and leverages the `curl` binary for downloading images. This demonstrates the agent's capability to execute arbitrary shell commands and perform network requests, which could be abused for data exfiltration, downloading malicious payloads, or system reconnaissance if command arguments were dynamically constructed from untrusted input.

exec(command="sleep 15")
curl -L -H "Referer: https://www.doubao.com/" ... "<url_with_image_pre_watermark>"

The skill utilizes `browser(action="evaluate")` to execute JavaScript within the browser context for extracting image URLs. This capability allows for arbitrary code execution within the browser, which could be exploited for cross-site scripting (XSS) attacks, data extraction from other browser contexts, or interaction with malicious web content if an attacker could inject malicious JavaScript or control the navigated URL.

const imgs = document.querySelectorAll('img[src*="image_generation"]');
const dataUrl = await new Promise(resolve => { ... });

The skill instructs the agent to execute shell commands via exec(), starting with 'sleep 15'. While this specific instance appears benign, the pattern of using exec() for shell commands creates a foothold for command injection if prompt content or URL-derived data is passed unsanitized into exec() calls.

exec(command="sleep 15")

The skill explicitly instructs the agent to use 'image_pre_watermark_1_5b' URL variants to obtain high-resolution images without watermarks. This guides the agent to systematically circumvent the content provider's watermarking/DRM controls, which may violate terms of service and could constitute unauthorized access to premium content.

Use the `image_pre_watermark_1_5b` URL variant for highest quality (1773×2364)

The skill explicitly uses browser automation to bypass the absence of a public API. This is framed as a feature ('Browser automation is required due to lack of public API'), meaning the agent is designed to circumvent access controls and rate-limiting mechanisms the service provider intentionally put in place.

Browser automation is required due to lack of public API

The skill provides a JavaScript snippet to extract images via HTML5 Canvas and convert them to base64 data URLs, effectively bypassing CDN signature authentication. This allows the agent to exfiltrate image data that would otherwise require valid signed URLs, circumventing access controls.

const dataUrl = await new Promise(resolve => {
  const canvas = document.createElement('canvas');
  canvas.width = img.naturalWidth;
  canvas.height = img.naturalHeight;
  const ctx = canvas.getContext('2d');
  ctx.drawImage(img, 0, 0);
  canvas.toBlob(blob => {

The skill instructs curl to send spoofed Referer and User-Agent headers to impersonate a legitimate browser session when downloading CDN content. This is used to bypass hotlink protection and access controls on the CDN.

curl -L -H "Referer: https://www.doubao.com/" \
  -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)"