next-intl-i18n
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were detected. The skill only manages translation strings and routing.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill uses the established 'next-intl' library. The dynamic import of message files in
i18n/request.tsis protected by a whitelist check (locales.includes(locale)), which prevents an attacker from supplying malicious paths via the URL. - [Prompt Injection] (SAFE): No override markers, role-play injections, or instructions to ignore safety guidelines were found in the skill metadata or body.
- [Indirect Prompt Injection] (SAFE):
- Ingestion points: The locale is ingested from the request/URL parameter in
i18n/request.tsandapp/[locale]/page.tsx. - Boundary markers: Translation messages are stored in structured JSON files.
- Capability inventory: The skill does not perform any dangerous operations like
exec,eval, or external network writes. - Sanitization: The locale input is strictly validated against a hardcoded array of supported locales before being used to load message files.
Audit Metadata