uapi-post-web-tomarkdown-async

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by facilitating the processing of external web content via the url parameter. Malicious instructions could potentially be embedded in the source webpages converted by the API.
  • Ingestion points: url query parameter in references/operations/post-web-tomarkdown-async.md.
  • Boundary markers: No delimiters or explicit instructions to ignore embedded content are provided.
  • Capability inventory: The skill contains no executable scripts, file-write capabilities, or local system tools.
  • Sanitization: No instructions for escaping or validating the external content are included.
  • [EXTERNAL_DOWNLOADS]: The skill is configured to interact with the external domain uapis.cn to perform its primary web-to-markdown conversion task. This communication is essential to the skill's intended purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 06:42 AM
Security Audit — agent-trust-hub — uapi-post-web-tomarkdown-async