uapi-post-translate-text

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is configured to send user-provided text to the external domain uapis.cn for translation. While this is the primary purpose of the skill, the domain is not recognized as a whitelisted or well-known service provider.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user data without sufficient safeguards.\n
  • Ingestion points: User-provided text for translation entering via the JSON request body defined in references/operations/post-translate-text.md.\n
  • Boundary markers: No delimiters or instructions to ignore embedded commands are provided to the agent to isolate the user text from its own logic.\n
  • Capability inventory: The skill performs network requests to https://uapis.cn/api/v1 as specified in the SKILL.md and references/operations/post-translate-text.md files.\n
  • Sanitization: There is no mention of input validation, filtering, or escaping of the user-provided text before it is processed and transmitted.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 06:42 AM
Security Audit — agent-trust-hub — uapi-post-translate-text