Skills
skills/belumume/claude-skills/rtl-document-translation/Gen Agent Trust Hub

rtl-document-translation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALEXTERNAL_DOWNLOADS
Full Analysis
  • EXTERNAL_DOWNLOADS (SAFE): The skill requires standard, well-known Python packages (python-docx, Pillow) from the Python Package Index (PyPI). These are trusted libraries for document and image processing.
  • DATA_EXFILTRATION (SAFE): The utility script create_translation.py operates entirely on local files. While there is commented-out code that references a translation API (googletrans), it is disabled by default and intended for the skill's core functionality.
  • FALSE POSITIVE (INFO): The automated security alert regarding run.font.name is a false positive. In the context of the python-docx library, run.font.name is a programming attribute used to get or set the name of a font, not a network URL or domain.
  • INDIRECT PROMPT INJECTION (LOW): The skill processes untrusted document content. However, the processing is limited to text extraction and formatting; it does not execute the document content or use it to influence sensitive agent actions beyond the translation task.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 06:08 PM