pdf-math-translate-guide
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The guide instructs users to install the 'pdf2zh' package from the Python Package Index (PyPI) to enable translation functionality.\n- [COMMAND_EXECUTION]: Provides shell command examples for executing the translation tool, performing batch processing of files, and launching a Gradio-based web interface.\n- [DATA_EXFILTRATION]: The tool is designed to send document content to external translation services including OpenAI, DeepL, and Google Translate as part of its documented workflow.\n- [PROMPT_INJECTION]: The skill processes untrusted PDF data, which presents a surface for indirect prompt injection where malicious content in a PDF could attempt to influence the translation model.\n
- Ingestion points: External PDF files processed via the 'pdf2zh' command (SKILL.md).\n
- Boundary markers: The guide does not mention the use of delimiters or instructions to ignore embedded commands within the source documents.\n
- Capability inventory: Local shell command execution and file system access for reading and writing documents.\n
- Sanitization: No explicit sanitization or content validation is described before sending text to external LLM services.
Audit Metadata