Skills
skills/merit-systems/agentcash-skills/upload-and-share/Gen Agent Trust Hub

upload-and-share

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx agentcash@latest, which downloads and executes the latest version of the agentcash package from the npm registry. This is a standard practice for this tool's ecosystem.
  • [COMMAND_EXECUTION]: The skill utilizes curl to perform file uploads to generated S3-backed URLs. This is an expected behavior for a file-sharing utility.
  • [COMMAND_EXECUTION]: Various shell commands like ls -la, wc -c, and npm install -g are documented for file size verification and environment setup.
  • [DATA_EXFILTRATION]: While the skill's primary purpose is to upload files to a third-party service (stableupload.dev), this is the stated intent of the 'Upload and Share' functionality. The user must explicitly trigger the upload of specific files.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 19, 2026, 11:23 AM