uapi-post-text-base64-encode

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves its stated purpose as a tool for Base64 text encoding. The instructions and metadata are consistent with its functional implementation.
  • [DATA_EXFILTRATION]: The skill sends data to 'https://uapis.cn/api/v1'. This is the intended behavior for an encoding service and does not target sensitive system files, environment variables, or private credentials.
  • [CREDENTIALS_UNSAFE]: The skill correctly handles authentication by advising users to provide their own UAPI Key if needed, rather than hardcoding credentials or attempting to harvest system secrets.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted user data for processing. While this presents a theoretical attack surface, the specific transformation (Base64 encoding) is a standard data operation and no exploitable capabilities (like command execution or writing to sensitive files) are present in the skill's design.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 06:42 AM
Security Audit — agent-trust-hub — uapi-post-text-base64-encode