academic-translate
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection through its text processing and consistency scanning features.
  - Ingestion points: In `references/zh2en.md` and `references/en2zh.md`, the agent is instructed to read content from the user-provided academic text and all previously translated `.md` files located in the `{Project Root Path}/translation/` directory.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands (e.g., 'ignore previous instructions' within the text) are provided in the workflow logic.
  - Capability inventory: The skill relies on the `Read`, `Write`, and `Edit` tools to manipulate local files, and uses the `Python` tool to run helper scripts.
  - Sanitization: There is no evidence of sanitization or filtering of instructions contained within the external files before they are processed by the agent.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local Python scripts included in the package (`scripts/validate-glossary.py` and `scripts/extract-terms.py`) to perform term extraction and glossary validation. While the scripts themselves are benign, they represent the execution of local code shipped with the skill.
- [DATA_EXPOSURE]: The skill accesses a hidden path in the user's home directory (`~/.claude/academic-translate/glossary.md`) to maintain a global terminology list. Although this is used for persistence of translation terms, it involves reading and writing to a hidden system path.
Audit Metadata