giggle-generation-drama

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill requires returning full signed download URLs (including Policy/Signature/Key-Pair-Id query params) verbatim and thus compels the agent to handle and emit secret-like tokens from API responses, creating an exfiltration risk even though it uses an env var for the API key.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls public Giggle.pro APIs (see SKILL.md and scripts/trustee_api.py: get_styles, query_progress/query-v2 and trustee_mode endpoints) and accepts arbitrary character image URLs, and it parses those external JSON responses (e.g., pay_status/current_step) to decide payments and control the execute_workflow loop, so untrusted third-party content can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill's main workflow explicitly includes detecting pending payment and "auto-pay (if needed)" and notes that execute_workflow "handles create, submit, poll, pay, and completion." That indicates the skill is specifically designed to perform payment operations via the Giggle.pro API (requires an API key and will automatically pay when required). This is explicit financial execution capability (automated payments), not a generic API caller or browser automation.