uapi-post-text-base64-decode
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation and instructions for an agent to interact with a legitimate external API (uapis.cn) for Base64 decoding. The network operations are restricted to the service's primary domain and are necessary for the skill's stated purpose.
- [SAFE]: No obfuscation, hidden URLs, or suspicious encoding techniques were detected in the files.
- [SAFE]: The skill does not include any executable scripts or configuration files that install external dependencies or execute remote code.
- [SAFE]: There are no attempts at privilege escalation, persistence, or credential harvesting. Instructions for authentication involve the user providing their own API keys where necessary.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted user data (Base64 strings) and returns the decoded content to the agent context without explicit boundary markers or instructions to ignore commands within the decoded output.
- Ingestion points: API response defined in
references/operations/post-text-base64-decode.mdcontaining the decoded 'text'. - Boundary markers: Absent. There are no instructions in the prompt to treat the decoded output as data rather than instructions.
- Capability inventory: The agent can call the POST /text/base64/decode endpoint to retrieve content.
- Sanitization: Absent. The skill performs direct decoding and presentation of external data.
Audit Metadata