oma-translator
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill logic is entirely focused on translation quality and follows best practices for linguistic processing. It does not contain any executable code, remote downloads, or patterns associated with data exfiltration or persistence.
- [COMMAND_EXECUTION]: The skill instructs the agent to use the 'rg' (ripgrep) utility to search for project context and existing translations. This is a local operation intended for context gathering and does not involve network access or unsafe command construction.
- [PROMPT_INJECTION]: The skill processes external source text for translation, which constitutes an indirect prompt injection surface. 1. Ingestion points: Source text provided as input in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Uses 'rg' for local searches and the 'Edit' tool for modifying translation files. 4. Sanitization: Absent. However, the skill's 'Stage 2: Extract Meaning' and 'Verification' stages act as functional barriers that mitigate the risk of the agent following instructions embedded within the source text.
Audit Metadata