anonymous-file-upload
Pass
Audited by Gen Agent Trust Hub on May 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and run a Docker image (
ghcr.io/besoeasy/originless) from the author's official repository. This image is used to host the decentralized storage backend locally. - [COMMAND_EXECUTION]: The instructions include shell commands for running Docker containers, performing file uploads via
curl, and generating cryptographic keys usingnode. These are standard operations required for the skill's stated purpose of decentralized file management. - [DATA_EXFILTRATION]: The skill's primary function is to upload user-provided files to external anonymous hosting services, including
besoeasy.com,0x0.st, andtransfer.sh. While this involves sending data to external servers, it is the documented and intended purpose of the skill. User awareness is maintained through the explicit use of these services.
Audit Metadata