uapi-post-text-aes-decrypt

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONNO_CODE
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits sensitive data, including user-supplied AES keys and encrypted text, to a remote endpoint (https://uapis.cn/api/v1/text/aes/decrypt). This operation exposes potentially confidential information to a third-party domain that is not a well-known trusted service.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its handling of untrusted data. 1. Ingestion points: Untrusted data enters the agent context through the text and key fields in the request body for the post-text-aes-decrypt operation. 2. Boundary markers: No delimiters or instructions are provided to the agent to treat the decrypted output as untrusted. 3. Capability inventory: The skill performs network operations via the tool interface to an external API. 4. Sanitization: No evidence of sanitization, escaping, or validation of the decrypted content was found before it is returned to the agent's context.\n- [NO_CODE]: The skill does not include any executable scripts or binary files, which significantly reduces the risk of direct malicious code execution or persistence on the host system.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 06:42 AM
Security Audit — agent-trust-hub — uapi-post-text-aes-decrypt