giggle-files-management

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is designed to upload local files to the api.giggle.pro and s3.amazonaws.com endpoints. While this involves sending data to external servers, it is the primary stated purpose of the skill and is consistent with the vendor's own infrastructure.
  • [COMMAND_EXECUTION]: The skill executes a local shell script (scripts/upload.sh) to coordinate the upload process. The script uses standard command-line utilities including curl for network requests and jq for parsing JSON responses.
  • [PROMPT_INJECTION]: Analysis of indirect prompt injection surfaces (Category 8):
  • Ingestion points: Local file paths provided as arguments to the upload script.
  • Boundary markers: None present in the script or documentation for file content.
  • Capability inventory: Shell execution (bash) and network upload capabilities (curl).
  • Sanitization: The script performs existence checks on the file path and uses jq for structured output, but does not sanitize the file content itself as it is intended for binary/text upload.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — giggle-files-management