giggle-generation-aimv
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is properly implemented for its stated purpose. It uses standard environment variable practices for API key management and performs no unauthorized file or system operations.
- [EXTERNAL_DOWNLOADS]: The skill initiates network connections to 'https://giggle.pro'. This domain belongs to the vendor and is used to submit and monitor music video generation tasks.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it passes user-generated text directly to an external service.
  - Ingestion points: User-supplied 'prompt', 'lyrics', 'title', and 'scene_description' are ingested by 'scripts/trustee_api.py' and included in the request body.
  - Boundary markers: Not present; user strings are interpolated directly into the JSON API request payload.
  - Capability inventory: The skill is restricted to making network calls to the Giggle.pro API using the 'requests' library. No local command execution or file system write permissions are requested or used.
  - Sanitization: No specific validation or sanitization is performed on the user-provided text fields before transmission.
Audit Metadata