uapi-post-sensitive-word-quick-check
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were found. The skill correctly limits its scope to calling a specific text moderation API provided by UAPI.
- [DATA_EXPOSURE]: The skill communicates with
https://uapis.cn, which is the legitimate endpoint for the described service. It does not hardcode credentials or attempt to access sensitive local files (e.g., .ssh, .env). - [PROMPT_INJECTION]: No attempts to bypass AI safety guidelines, override system prompts, or extract system instructions were identified in the skill's documentation or agent configuration.
- [REMOTE_CODE_EXECUTION]: The skill does not download or execute any external scripts, binary files, or unverifiable packages. It uses standard HTTP methods for its primary function.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes user-provided text for moderation (an ingestion point in
references/operations/post-sensitive-word-quick-check.md), it lacks any exploitable capabilities like dynamic execution or file writing that would elevate the risk. This is standard behavior for content filtering tools.
Audit Metadata