giggle-generation-aimv

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly calls Giggle.pro API endpoints (e.g., /api/v1/trustee_mode/mv/query and related trustee_mode endpoints in scripts/trustee_api.py) and ingests response fields like current_step, pay_status, steps, err_msg, and video_asset.download_url from the third‑party service (and asset URLs at assets.giggle.pro) which the agent interprets to decide pay/retry/complete actions, exposing it to untrusted third‑party content that could influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes a payment API and instructions to perform payments as part of its workflow: it states the workflow will "detect and pay pending items," references a pay endpoint (/api/v1/trustee_mode/mv/pay) with the request body {"project_id": ""} and a response containing order_id and price, and instructs callers to call the pay endpoint when pay_status is "pending." These are concrete, specific instructions to execute payment actions (i.e., trigger monetary charges) rather than generic API or browser automation.