azure-ai-translation-ts
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted user-provided text and documents through Azure Translation services.
- Ingestion points: Data enters through the
inputsarray in text translation and thebodyfield in document translation (SKILL.md). - Boundary markers: None present in code samples; text is interpolated directly into the API request body.
- Capability inventory: The skill includes file-writing capabilities (
writeFilein SKILL.md) and network operations (Azure API calls). - Sanitization: No explicit sanitization or filtering of input text is performed before translation.
- [CREDENTIALS_UNSAFE] (SAFE): The skill documentation correctly identifies the need for credentials and recommends using environment variables. All code samples use placeholders like
<your-api-key>or environment variable accessors (process.env.TRANSLATOR_SUBSCRIPTION_KEY), which are not security findings. - [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard Azure SDK packages (
@azure-rest/ai-translation-text,@azure-rest/ai-translation-document,@azure/identity) from the public npm registry. These are verified libraries from a trusted organization (Microsoft).
Audit Metadata