intlayer-cli

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The tool processes user-provided documentation (Markdown/MDX) and dictionary files (JSON, TypeScript, JavaScript) using AI translation models (OpenAI, DeepSeek, etc.). This creates an attack surface for indirect prompt injection: malicious instructions embedded in the source files could be interpreted and followed by the LLM during translation.
      • Ingestion points: Content files matching glob patterns such as *.content.{ts,js,json} and documentation files matching **/*.md are ingested for AI processing.
      • Boundary markers: The documentation mentions chunking large files to fit AI context windows, but does not describe the use of strict delimiters or sanitization logic to prevent the model from following instructions contained within the text to be translated.
      • Capability inventory: The skill has the ability to read from and write to the local file system, execute sub-processes via the --with argument, and interact with remote APIs.
      • Sanitization: The documentation does not specify methods for filtering or escaping input before it is interpolated into AI prompts.
  • [COMMAND_EXECUTION]: The CLI supports the execution of parallel commands through the --with flag (e.g., npx intlayer build --with "next dev"), which involves spawning child processes. It also manages project structure and configuration files via the init command.
  • [EXTERNAL_DOWNLOADS]: The tool communicates with https://intlayer.org for CMS operations such as push, pull, and login. It also facilitates connections to third-party AI providers (e.g., OpenAI, DeepSeek) using user-supplied API keys.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 26, 2026, 12:33 PM