uapi-get-misc-timestamp

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill performs network operations to the UAPI public API service at https://uapis.cn/api/v1/misc/timestamp. This interaction is consistent with the skill's purpose of providing utility functions from its own platform.\n- [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it interpolates user-provided data into external API requests and processes the resulting output.\n
  • Ingestion points: The ts query parameter defined in references/operations/get-misc-timestamp.md.\n
  • Boundary markers: Absent; there are no specific delimiters to isolate the untrusted input or output from the agent's primary instructions.\n
  • Capability inventory: The skill is capable of performing HTTP GET requests to external domains.\n
  • Sanitization: The documentation recommends verifying that the ts parameter is a numeric string, providing a basic form of input validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 06:42 AM
Security Audit — agent-trust-hub — uapi-get-misc-timestamp