uapi-post-text-aes-decrypt
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits sensitive data, including user-supplied AES keys and encrypted text, to a remote endpoint (
https://uapis.cn/api/v1/text/aes/decrypt). This operation exposes potentially confidential information to a third-party domain that is not a well-known trusted service.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its handling of untrusted data. 1. Ingestion points: Untrusted data enters the agent context through thetextandkeyfields in the request body for thepost-text-aes-decryptoperation. 2. Boundary markers: No delimiters or instructions are provided to the agent to treat the decrypted output as untrusted. 3. Capability inventory: The skill performs network operations via the tool interface to an external API. 4. Sanitization: No evidence of sanitization, escaping, or validation of the decrypted content was found before it is returned to the agent's context.\n- [NO_CODE]: The skill does not include any executable scripts or binary files, which significantly reduces the risk of direct malicious code execution or persistence on the host system.
Audit Metadata