uapi-get-webparse-extractimages

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONNO_CODE
Full Analysis
  • [DATA_EXFILTRATION]: External Network Communication. The skill performs network requests to the domain uapis.cn, which is not on the established whitelist for trusted data operations.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes external data from user-supplied URLs, creating a vulnerability where instructions embedded in those pages could influence the agent. Ingestion points: url parameter in references/operations/get-webparse-extractimages.md. Boundary markers: Absent; there are no delimiters to isolate external content. Capability inventory: Network access via the GET method. Sanitization: No sanitization or validation of the remote content is described.
  • [NO_CODE]: The skill consists exclusively of documentation and configuration files (Markdown and YAML) and does not include any executable code or scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 06:42 AM
Security Audit — agent-trust-hub — uapi-get-webparse-extractimages