uapi-post-convert-json

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is well-documented and performs a specific, legitimate task. All external references point to the service's official domain at uapis.cn.
  • [INDIRECT_PROMPT_INJECTION]: As a data processing tool, the skill accepts user-supplied JSON strings for formatting. This is a standard attack surface where malicious input could theoretically attempt to influence the agent.
  • Ingestion points: User-provided data is placed in the content field of the request body as described in references/operations/post-convert-json.md.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the input/output as untrusted data.
  • Capability inventory: The skill is limited to calling the POST /convert/json endpoint via HTTP.
  • Sanitization: No sanitization of the input string is mentioned in the documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 06:42 AM
Security Audit — agent-trust-hub — uapi-post-convert-json