uapi-post-sensitive-word-quick-check

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were found. The skill correctly limits its scope to calling a specific text moderation API provided by UAPI.
  • [DATA_EXPOSURE]: The skill communicates with https://uapis.cn, which is the legitimate endpoint for the described service. It does not hardcode credentials or attempt to access sensitive local files (e.g., .ssh, .env).
  • [PROMPT_INJECTION]: No attempts to bypass AI safety guidelines, override system prompts, or extract system instructions were identified in the skill's documentation or agent configuration.
  • [REMOTE_CODE_EXECUTION]: The skill does not download or execute any external scripts, binary files, or unverifiable packages. It uses standard HTTP methods for its primary function.
  • [INDIRECT_PROMPT_INJECTION]: While the skill processes user-provided text for moderation (an ingestion point in references/operations/post-sensitive-word-quick-check.md), it lacks any exploitable capabilities like dynamic execution or file writing that would elevate the risk. This is standard behavior for content filtering tools.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 06:42 AM
Security Audit — agent-trust-hub — uapi-post-sensitive-word-quick-check