The Agent Skills Directory

EXTERNAL_DOWNLOADS (LOW): The skill installs the googletrans==4.0.0-rc1 package and uses the requests library to connect to the MyMemory translation API. While these are necessary for the skill's functionality, they represent external dependencies and network connections to non-whitelisted domains.
PROMPT_INJECTION (LOW): The tool is vulnerable to indirect prompt injection because it processes content from external files without sanitization.
Ingestion points: The translate_file function in scripts/text_translator.py reads user-provided text and JSON files directly from the filesystem.
Boundary markers: No delimiters or instructions are used to separate the untrusted data from the agent's context.
Capability inventory: The script has the ability to read and write files, as well as perform network GET requests.
Sanitization: Input text is passed to the translation engine without any validation or escaping, allowing embedded instructions to potentially influence downstream agent actions.
DATA_EXFILTRATION (LOW): The script transmits text and file contents to third-party APIs (Google Translate and MyMemory). Users should be aware that sensitive data contained within the files will be sent to external servers for processing.

text-translator