public-files

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill facilitates interaction with the Layerproof public API for file operations like upload preparation, confirmation, and deletion.
  • [COMMAND_EXECUTION]: Utilizes the curl utility to perform standard HTTP requests to defined API endpoints for file management.
  • [DATA_EXFILTRATION]: Communicates with an external service defined by $LAYERPROOF_BASE_URL using authentication tokens from $LAYERPROOF_API_KEY. This activity is consistent with the skill's stated purpose of API integration and follows best practices for secret management.
  • [PROMPT_INJECTION]: The skill ingests raw JSON data from API responses, creating an indirect prompt injection surface.
      • Ingestion points: API response bodies from the /api/v2/files controller.
      • Boundary markers: Absent; responses are displayed as raw JSON.
      • Capability inventory: Subprocess execution via curl and network operations.
      • Sanitization: Absent; the skill does not specify escaping or validation of the remote API content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 04:04 PM