code-translation
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill documentation establishes a clear surface for indirect prompt injection because its primary function is to process user-supplied source code.
- Ingestion points: Source code for translation is processed as untrusted input in the workflows described in
SKILL.mdand the project migration strategies inreferences/project_migration.md. - Boundary markers: The documentation lacks specific instructions for using delimiters or boundary markers to help the model distinguish between the code logic and any natural language instructions that might be embedded within the source code.
- Capability inventory: The skill provides guidance for generating and running automated tests (e.g., using
pytest,jest, or Go'stestingpackage) and building projects across multiple languages, which an attacker could exploit to execute malicious code if the agent is tricked during the translation process. - Sanitization: There are no requirements or best practices listed for sanitizing, validating, or filtering the input source code to remove or neutralize embedded adversarial instructions before processing.
Audit Metadata