uapi-post-text-md5
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is configured to send user-supplied text to an external, third-party API endpoint at
https://uapis.cn/api/v1/text/md5. The technical documentation inpost-text-md5.mdexplicitly highlights that this POST method is suitable for 'sensitive information,' which emphasizes the risk of transmitting potentially private data to an unverified external service provider. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its handling of untrusted input. \n
- Ingestion points: Untrusted user text intended for hashing is ingested into the agent context via instructions in
SKILL.mdandpost-text-md5.md. \n - Boundary markers: The skill lacks delimiters (such as XML tags or triple quotes) or specific 'ignore instructions' warnings to prevent the agent from misinterpreting text within the payload as new commands. \n
- Capability inventory: The agent possesses network capabilities to transmit data to the external
uapis.cndomain. \n - Sanitization: No sanitization, validation, or escaping of the user-provided text is described before it is interpolated into the API request.
Audit Metadata