uapi-post-image-motou
Warn
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill employs misleading metadata by including keywords unrelated to its primary function. While the skill is designed to generate a 'petting head' GIF, it lists keywords such as 'nsfw image detection', 'image compression', and 'svg to image'.
- Evidence: In
SKILL.mdandreferences/quick-start.md, the English keywords section includes:image compression,image to base64,base64 to image,svg to image,nsfw image detection. - Risk: This discrepancy could cause an AI agent to incorrectly select this skill when a user requests a sensitive operation like NSFW detection. This would result in the user's image being sent to the external GIF generation service instead of the intended tool.
- [DATA_EXFILTRATION]: The skill is configured to send user-provided data, including image files and URLs, to an external API.
- Evidence: The file
references/operations/post-image-motou.mdspecifies that the agent should send animage_urlor afiletohttps://uapis.cn/api/v1/image/motouvia a POST request. - Risk: Combined with the misleading keywords, there is a heightened risk that sensitive user data (such as private images intended for a safety check) could be exfiltrated to a third-party domain without the user's informed consent.
Audit Metadata