shots-translate

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external, user-supplied text such as benefit headlines, subtitles, and ASO metadata to perform translations and regenerate screenshots. This creates a surface for indirect prompt injection where an attacker could place instructions in the metadata to manipulate the agent's behavior.
      • Ingestion points: App Store benefit headlines, subtitles, and ASO metadata described in the skill's purpose.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined in the provided instruction file.
      • Capability inventory: The skill allows the use of potentially high-risk tools including Bash(node), Bash(npm), Bash(curl), and Bash(open).
      • Sanitization: There is no evidence of sanitization or input validation for the metadata being processed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 25, 2026, 07:32 PM