baoyu-translate
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to manage its configuration and workflow. This includes checking for the existence of EXTEND.md and executing local TypeScript scripts using the bun runtime or npx (SKILL.md).
- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch and translate content from remote URLs provided by the user, which involves making network requests to external domains (workflow-mechanics.md).
- [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it processes untrusted content from articles and web pages. Instructions embedded in the source material could attempt to subvert the agent's own instructions, and because the agent can also run commands and fetch URLs (see above), a successful injection would have something to act on.
- Ingestion points: Source material provided as inline text, local files, or remote URLs (SKILL.md, workflow-mechanics.md).
- Boundary markers: The prompt template uses markdown headers to organize context, but it places no dedicated delimiters around the untrusted source text and gives no explicit instruction to treat commands inside that text as data rather than as instructions (subagent-prompt-template.md).
- Capability inventory: The agent has the ability to read and write files, execute shell commands via bun/npx, and access the network to fetch content.
- Sanitization: No specific sanitization or filtering of the source content is mentioned before it is passed to the translation engine.
Audit Metadata