verify-translator

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill executes several shell commands, including date, npm run lint, and a local repository script ./check-pull-request.sh. These commands are executed within the user's environment, presenting a surface for local system interaction.
  • EXTERNAL_DOWNLOADS (LOW): The skill fetches raw documentation from zotero.org. While the source is a known project, the ingestion of external data is a primary vector for downstream attacks.
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). Evidence Chain:
      1. Ingestion point: SKILL.md (Get documentation section).
      2. Boundary markers: Absent.
      3. Capability inventory: Shell script execution (./check-pull-request.sh) and command execution (npm) in SKILL.md.
      4. Sanitization: Absent.
    An attacker who can influence the content on the Zotero documentation site could embed malicious instructions that the agent might follow, leading to unauthorized command execution when the agent attempts to 'verify' or 'lint' a translator.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 14, 2026, 03:26 AM