giggle-generation-music
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill ingests user input for music generation, creating an indirect prompt injection surface.
- Ingestion points: User descriptions and lyrics provided as input to the
promptparameter inSKILL.mdandSKILL.zh-CN.md. - Boundary markers: Absent; user text is passed directly to the execution script without delimiters.
- Capability inventory: The skill can make HTTP POST/GET requests to an external API (
giggle.pro) viascripts/giggle_music_api.py. - Sanitization: Parameters are handled by the
argparsePython library, which treats them as string arguments. - [CREDENTIALS_UNSAFE]: The skill follows security best practices by requiring the
GIGGLE_API_KEYto be passed via environment variables instead of being hardcoded or passed in command-line arguments. - [EXTERNAL_DOWNLOADS]: Network activity is restricted to the legitimate vendor API domain (
giggle.pro) using the well-knownrequestslibrary. - [SAFE]: No malicious scripts, obfuscation, or unauthorized data access were found during the analysis.
Audit Metadata