uapi-get-image-tobase64

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill serves as a legitimate wrapper for an image processing API. Its structure, including reference files for operations and resources, follows best practices for tool definition without attempting to bypass safety controls.
  • [DATA_EXFILTRATION]: The skill facilitates the transmission of user-provided image URLs to the third-party domain uapis.cn. This is the core functional requirement for the image conversion service and is clearly documented for the user.
  • [PROMPT_INJECTION]: The skill processes untrusted input in the form of external image URLs (Ingestion point: url parameter in references/operations/get-image-tobase64.md). While the skill does not define specific boundary markers or sanitization logic, the capability is limited to retrieving a Base64 data string via the uapis.cn proxy, which minimizes the risk of the agent interpreting the payload as instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 06:42 AM
Security Audit — agent-trust-hub — uapi-get-image-tobase64