translate-docs
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests untrusted markdown documentation from the local filesystem and interpolates it directly into LLM prompts for translation, audit, and polishing subagents.\n
- Ingestion points: Markdown files located in
website/guide/and its subdirectories.\n - Boundary markers: Absent. The subagent prompts use simple text headers (e.g., 'SOURCE:', 'ENGLISH SOURCE:') but do not employ robust delimiters (like XML tags or multi-dash separators) or specific instructions to the subagent to ignore embedded commands within the source text.\n
- Capability inventory: The agent possesses the capability to write translated files to the local filesystem and execute the
pnpm buildshell command.\n - Sanitization: No sanitization, escaping, or structural validation is performed on the content of the documentation files before they are processed by the LLM subagents.\n- [COMMAND_EXECUTION]: The skill executes the shell command
pnpm buildwithin thewebsitedirectory as a verification step after translation. While this is a standard developer workflow for static site generators like VitePress, it involves subprocess execution that could be exploited if the project's build configuration or dependencies are compromised.
Audit Metadata