pdf_translator
Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands that directly incorporate user-controlled input (e.g., `python3 skills/pdf_translator/scripts/extract_text.py <path_to_pdf>`). This creates a vulnerability where a malicious filename containing shell metacharacters (such as `;`, `&`, or `|`) could be used to execute arbitrary commands on the host system.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it extracts text from untrusted PDF documents and presents it to the agent for translation without isolation.
  - Ingestion points: Text extracted from PDFs using the `scripts/extract_text.py` script (referenced in `SKILL.md`).
  - Boundary markers: Absent. There are no delimiters or instructions provided to the agent to treat the extracted PDF content as untrusted data.
  - Capability inventory: The skill has the ability to execute local Python scripts and perform file write operations via `scripts/generate_md.py`.
  - Sanitization: Absent. The extracted content is passed directly into the agent's context for processing without any filtering or escaping of potential instructions.
Audit Metadata