uapi-post-text-md5

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is configured to send user-supplied text to an external, third-party API endpoint at https://uapis.cn/api/v1/text/md5. The technical documentation in post-text-md5.md explicitly highlights that this POST method is suitable for 'sensitive information,' which emphasizes the risk of transmitting potentially private data to an unverified external service provider.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its handling of untrusted input. \n
  • Ingestion points: Untrusted user text intended for hashing is ingested into the agent context via instructions in SKILL.md and post-text-md5.md. \n
  • Boundary markers: The skill lacks delimiters (such as XML tags or triple quotes) or specific 'ignore instructions' warnings to prevent the agent from misinterpreting text within the payload as new commands. \n
  • Capability inventory: The agent possesses network capabilities to transmit data to the external uapis.cn domain. \n
  • Sanitization: No sanitization, validation, or escaping of the user-provided text is described before it is interpolated into the API request.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:26 AM
Security Audit — agent-trust-hub — uapi-post-text-md5