translate-book-parallel
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates the execution of external CLI tools, specifically Calibre (ebook-convert) and Pandoc, as well as local Python scripts (convert.py, merge_and_build.py) to manage document format conversion and the translation pipeline.
- [EXTERNAL_DOWNLOADS]: The skill recommends the installation of well-known third-party software (Calibre, Pandoc) and standard Python libraries (pypandoc, beautifulsoup4) required for document processing.
- [PROMPT_INJECTION]: The skill processes untrusted external data in the form of book files (PDF, EPUB, DOCX), which introduces a vulnerability surface for indirect prompt injection if the source documents contain instructions designed to influence the translation subagents. Ingestion points: convert.py reads external document content from the file system. Boundary markers: No explicit delimiters or instruction-ignore warnings are defined in the orchestration logic. Capability inventory: The skill has the ability to execute subprocesses and access local files. Sanitization: No content validation or sanitization of the input text is described beyond format conversion.
Audit Metadata