Governed ability
Upload media
aafm/upload-media Guarded write
Upload an image from base64 data (jpg, png, gif, webp; SVG rejected).
How it is governed
The same model as every ability in the plugin, stated for this one.
- Off until you enable it
Like every ability, Upload media ships switched off. You turn it on one at a time, and an update never widens access on its own.
- Guarded write
Writes stay conservative, and the plugin re-checks the capability before the call runs.
- Capability gated
A connection only sees Upload media if the user you connected can run it, and the plugin checks that capability again before it executes.
- Every call audited
The call is written to the log in your own database, denials included, with the argument keys but never the values.
See it in action
An illustrative run. Your real calls and data stay on your own site.
Try it with a prompt
Example requests you could paste to your agent.
Upload this base64 PNG into the media library.
Add the attached JPEG to the library so I can use it as a featured image.
Import this base64 WebP graphic into the media library.
These are illustrative example prompts. The agent runs them as the user you connected, checked against that user's capabilities and written to your audit log.
Frequently asked
Short answers for Upload media.
What file types are accepted?
Images provided as base64 data in jpg, png, gif, or webp format. SVG uploads are rejected, since SVG can carry active markup.
How is uploading controlled?
It is a guarded write, off by default, and capability-gated. Every upload is written to the plugin audit log with the acting user.
Governed by default, from the first call.
Upload media is off until you enable it, scoped to the user you connect, and logged like everything else. Turn on only what you need.
Every ability off until you enable it, capability-gated on every call.