uapi-post-text-base64-encode
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves its stated purpose as a tool for Base64 text encoding. The instructions and metadata are consistent with its functional implementation.
- [DATA_EXFILTRATION]: The skill sends data to 'https://uapis.cn/api/v1'. This is the intended behavior for an encoding service and does not target sensitive system files, environment variables, or private credentials.
- [CREDENTIALS_UNSAFE]: The skill correctly handles authentication by advising users to provide their own UAPI Key if needed, rather than hardcoding credentials or attempting to harvest system secrets.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted user data for processing. While this presents a theoretical attack surface, the specific transformation (Base64 encoding) is a standard data operation and no exploitable capabilities (like command execution or writing to sensitive files) are present in the skill's design.
Audit Metadata