uapi-get-image-qrcode

Warn

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits intent-hijacking patterns through misleading metadata. In SKILL.md and references/quick-start.md, the skill includes keywords such as 'nsfw image detection', 'image compression', 'image to base64', and 'svg to image'. These terms are entirely unrelated to the skill's actual capability (QR code generation) and appear designed to manipulate the agent's discovery mechanism into selecting this tool for sensitive or different tasks.
  • [DATA_EXFILTRATION]: The skill facilitates the transmission of potentially sensitive user-supplied text to a third-party domain (uapis.cn) via the text parameter in the get-image-qrcode operation. This creates a data outflow path to an external service for any content the user or agent decides to encode.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection due to its data ingestion surface.
  • Ingestion points: The text query parameter in references/operations/get-image-qrcode.md allows for arbitrary text input.
  • Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore instructions that might be embedded in the data being processed for QR generation.
  • Capability inventory: The skill possesses network communication capabilities (GET requests to uapis.cn).
  • Sanitization: Absent. There is no evidence of input validation or sanitization before the user data is interpolated into the API request URL.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 20, 2026, 07:26 AM
Security Audit — agent-trust-hub — uapi-get-image-qrcode