uapi-get-webparse-extractimages
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [DATA_EXFILTRATION]: External Network Communication. The skill performs network requests to the domain uapis.cn, which is not on the established whitelist for trusted data operations.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes external data from user-supplied URLs, creating a vulnerability where instructions embedded in those pages could influence the agent. Ingestion points: url parameter in references/operations/get-webparse-extractimages.md. Boundary markers: Absent; there are no delimiters to isolate external content. Capability inventory: Network access via the GET method. Sanitization: No sanitization or validation of the remote content is described.
- [NO_CODE]: The skill consists exclusively of documentation and configuration files (Markdown and YAML) and does not include any executable code or scripts.
Audit Metadata