uapi-post-image-frombase64

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits user-supplied Base64 image data to an external service for processing.
  • Evidence: Data is sent to the endpoint https://uapis.cn/api/v1/image/frombase64 as specified in the operation documentation and skill description.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface, as it ingests untrusted user content and passes it to an external API.
  • Ingestion points: The imageData field within the JSON request body (defined in references/operations/post-image-frombase64.md).
  • Boundary markers: None identified. The skill does not use delimiters or specific instructions to protect the model from potentially malicious content within the user-provided images.
  • Capability inventory: The skill has the capability to perform network requests (POST) to the UAPI endpoint.
  • Sanitization: No sanitization or content validation is performed on the image data before it is transmitted to the external service.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 06:42 AM
Security Audit — agent-trust-hub — uapi-post-image-frombase64