language-audit
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local script named `language-router.py` to perform translation quality scoring. This represents local code execution which is an intended part of the skill logic.
- [EXTERNAL_DOWNLOADS]: The skill fetches and parses HTML content and hreflang annotations from external URLs provided by the user to perform the audit.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  1. Ingestion points: It ingests untrusted data from external URLs (HTML source, hreflang tags, and page content) and content assets provided by the user.
  2. Boundary markers: There are no explicit instructions to the agent to treat this external content as untrusted or to ignore instructions embedded within it.
  3. Capability inventory: The agent has the capability to execute local commands via the `language-router.py` script.
  4. Sanitization: No sanitization or validation of the fetched external content is described, creating a risk that malicious instructions in the audited content could influence the agent's output or actions.
Audit Metadata