tr
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill provides an attack surface for indirect prompt injection (Category 8).
- Ingestion points: Processes arbitrary user-supplied text via the /tr command and configuration settings from translate.local.md (SKILL.md).
- Boundary markers: Absent. The 'Execution' step instructions specify to 'Append the user's text' without using delimiters like XML tags or triple quotes to isolate the untrusted content.
- Capability inventory: The skill possesses the capability to invoke external agents (tr and tr-hq) via the Task tool (SKILL.md).
- Sanitization: Absent. There is no logic provided to sanitize, escape, or validate user text or configuration values before they are passed to the sub-agents.
Audit Metadata