uapi-get-network-urlstatus
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [DATA_EXFILTRATION]: The skill facilitates network requests to the domain
uapis.cn. When the agent uses this skill to check a URL's status, that URL is transmitted to the external UAPI service. This constitutes a data transmission to a non-whitelisted third-party domain, although it is the intended core functionality of the skill. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests untrusted data (URLs) and processes them via an external API.
- Ingestion points: The
urlquery parameter defined inreferences/operations/get-network-urlstatus.mdis the primary entry point for untrusted data. - Boundary markers: There are no explicit instructions or delimiters provided to the agent to treat the
urlinput as purely data or to ignore any instructions embedded within the URL or the resulting API response. - Capability inventory: The skill allows the agent to perform network GET requests through the
uapis.cninfrastructure. - Sanitization: No validation or sanitization logic is described in the skill documentation to ensure the input is a safe or legitimate URL before transmission.
- [NO_CODE]: The skill does not include any executable scripts, binaries, or configuration files that execute code on the local environment. It consists entirely of Markdown documentation and YAML configuration for the AI agent.
Audit Metadata