uapi-get-image-tobase64
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill serves as a legitimate wrapper for an image processing API. Its structure, including reference files for operations and resources, follows best practices for tool definition without attempting to bypass safety controls.
- [DATA_EXFILTRATION]: The skill facilitates the transmission of user-provided image URLs to the third-party domain
uapis.cn. This is the core functional requirement for the image conversion service and is clearly documented for the user. - [PROMPT_INJECTION]: The skill processes untrusted input in the form of external image URLs (Ingestion point:
urlparameter inreferences/operations/get-image-tobase64.md). While the skill does not define specific boundary markers or sanitization logic, the capability is limited to retrieving a Base64 data string via theuapis.cnproxy, which minimizes the risk of the agent interpreting the payload as instructions.
Audit Metadata