translate-pdf

Warn

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The instructions for the agent involve executing shell commands using the bash tool where user-controlled arguments, such as the PDF file path, are directly interpolated into the command string. While the instructions suggest using double quotes, this pattern is susceptible to command injection in Unix-like shells if a filename contains subshell syntax (e.g., $(command) or `command`).
  • [PROMPT_INJECTION]: The skill processes untrusted data from external PDF files, creating a surface for indirect prompt injection. A maliciously crafted PDF could contain hidden instructions that influence the agent's behavior during the translation process.
      • Ingestion points: Source PDF file content processed during the extraction and translation steps (SKILL.md Step 4 and 6).
      • Boundary markers: Absent; the skill does not use specific delimiters or instructions to treat extracted text as untrusted data.
      • Capability inventory: Shell command execution (bash tool used in Step 4 and 7), file system read/write, and interaction with external Python libraries.
      • Sanitization: None; the text is extracted using PyMuPDF and directly passed to the language model for translation.
  • [EXTERNAL_DOWNLOADS]: The skill checks for and offers to install several third-party Python libraries (pymupdf, markdown, weasyprint) via pip. While these are well-known packages, installing external dependencies at runtime is a potential supply chain risk if not properly version-pinned or if the registry is compromised.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 12, 2026, 11:04 PM