uapi-post-convert-json
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is well-documented and performs a specific, legitimate task. All external references point to the service's official domain at uapis.cn.
- [INDIRECT_PROMPT_INJECTION]: As a data processing tool, the skill accepts user-supplied JSON strings for formatting. This is a standard attack surface where malicious input could theoretically attempt to influence the agent.
- Ingestion points: User-provided data is placed in the
contentfield of the request body as described inreferences/operations/post-convert-json.md. - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the input/output as untrusted data.
- Capability inventory: The skill is limited to calling the
POST /convert/jsonendpoint via HTTP. - Sanitization: No sanitization of the input string is mentioned in the documentation.
Audit Metadata