Skills
skills/affaan-m/everything-claude-code/visa-doc-translate/Gen Agent Trust Hub

visa-doc-translate

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the sips command-line utility for converting image formats and uses pip and brew to install necessary system and Python dependencies.
  • [EXTERNAL_DOWNLOADS]: The skill requests the download of standard, well-known libraries such as pillow, reportlab, and easyocr from official package registries to facilitate OCR and PDF generation.
  • [REMOTE_CODE_EXECUTION]: The skill dynamically generates and executes a Python script to manage the layout and rendering of the final bilingual PDF document.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted text extracted via OCR from user-provided images.
  • Ingestion points: Untrusted text is extracted from document images provided by the user (as described in SKILL.md).
  • Boundary markers: There are no delimiters or specific instructions to the agent to disregard instructions potentially embedded within the extracted text.
  • Capability inventory: The skill has the capability to execute shell commands (sips) and run dynamically generated Python scripts.
  • Sanitization: No sanitization or validation of the text extracted via OCR is performed before it is processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 24, 2026, 07:52 PM