upload

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is designed to transmit local file data to an external domain (images.labnocturne.com). Although it enforces file extension checks (e.g., .jpg, .png), it facilitates the movement of local data to a service that is not recognized as a trusted vendor or well-known service.
  • [EXTERNAL_DOWNLOADS]: If no API key is provided in the environment variables, the skill automatically performs a GET request to https://images.labnocturne.com/key to retrieve a temporary credential.
  • [COMMAND_EXECUTION]: The skill relies on shell commands like ls for file existence checks and curl for both credential retrieval and file uploading. There is an inherent risk of command injection if the file path input provided by the user is not strictly sanitized by the agent before being passed to the system shell.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 1, 2026, 07:11 PM