i18n-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's docs and workflows show the agent fetching and using user-provided translations from external sources (e.g., https://cdn.better-i18n.com in resources/cdn-delivery.md and the MCP tools in resources/mcp-integration.md), and explicitly instruct AI assistants to read, translate, create, and update those remote translation values—which are untrusted, user-generated content that the agent is expected to interpret and act on—so this clearly enables indirect prompt injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's MCP integration instructs running remote code at runtime via npx (npx -y @anthropic-ai/better-i18n-mcp@latest) and also links an MCP server package (https://npmjs.com/package/@better-i18n/mcp-server), which, when installed, exposes tools that directly control agent prompts and execute remote actions, making it a runtime external dependency that controls the agent.