qt-translation-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE] (SAFE): Both the SKILL.md and qt_translation_config.json contain a placeholder API key ('sk-uos-12345'). This is a dummy value used for demonstration and does not constitute a credential leak.
- [EXTERNAL_DOWNLOADS] (SAFE): The project documentation specifies the use of the 'requests' Python library, which is a trusted, industry-standard package for making HTTP requests.
- [DATA_EXFILTRATION] (SAFE): The default configuration points to 'localhost' (http://localhost:8080). This ensures that, by default, no data is sent to external or untrusted third-party servers.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes XML-based translation source (.ts) files. Since the content of these files is interpreted by an LLM, there is a theoretical surface for indirect prompt injection if the source files are provided by an untrusted party.
  - Ingestion points: TS (Translation Source) files.
  - Boundary markers: None identified in the provided documentation.
  - Capability inventory: Performs network requests via 'requests' to a user-configured API endpoint.
  - Sanitization: Not specified in the provided text.