uapi-post-image-frombase64
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits user-supplied Base64 image data to an external service for processing.
- Evidence: Data is sent to the endpoint
https://uapis.cn/api/v1/image/frombase64as specified in the operation documentation and skill description. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface, as it ingests untrusted user content and passes it to an external API.
- Ingestion points: The
imageDatafield within the JSON request body (defined inreferences/operations/post-image-frombase64.md). - Boundary markers: None identified. The skill does not use delimiters or specific instructions to protect the model from potentially malicious content within the user-provided images.
- Capability inventory: The skill has the capability to perform network requests (POST) to the UAPI endpoint.
- Sanitization: No sanitization or content validation is performed on the image data before it is transmitted to the external service.
Audit Metadata