giggle-files-management
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to upload local files to the
api.giggle.proands3.amazonaws.comendpoints. While this involves sending data to external servers, it is the primary stated purpose of the skill and is consistent with the vendor's own infrastructure. - [COMMAND_EXECUTION]: The skill executes a local shell script (
scripts/upload.sh) to coordinate the upload process. The script uses standard command-line utilities includingcurlfor network requests andjqfor parsing JSON responses. - [PROMPT_INJECTION]: Analysis of indirect prompt injection surfaces (Category 8):
- Ingestion points: Local file paths provided as arguments to the upload script.
- Boundary markers: None present in the script or documentation for file content.
- Capability inventory: Shell execution (
bash) and network upload capabilities (curl). - Sanitization: The script performs existence checks on the file path and uses
jqfor structured output, but does not sanitize the file content itself as it is intended for binary/text upload.
Audit Metadata