translate

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted text from users and external files without using clear boundary markers or delimiters. Instructions embedded within the source text being translated could potentially override the agent's constraints.
    • Ingestion points: Untrusted data enters via direct user input or via file paths referenced by the user in SKILL.md.
    • Boundary markers: Absent. The prompt does not specify delimiters (like triple quotes) to separate the source text from the translation instructions.
    • Capability inventory: The agent is instructed to read local files provided by the user.
    • Sanitization: No sanitization or filtering of the input text or file content is performed.
  • [COMMAND_EXECUTION]: The skill directs the agent to read files from the local filesystem based on user-provided paths. This functionality increases the attack surface, as an attacker could attempt to trick the agent into reading sensitive system files, configurations, or credentials if the underlying platform does not enforce strict path validation or sandboxing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 05:54 AM