crowdin-context-cli
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the execution of the `crowdin` CLI tool to perform context management tasks. This involves running subprocesses like `crowdin context download` and `crowdin context upload` on the local system.
- [CREDENTIALS_UNSAFE]: The documentation references authentication mechanisms, specifically the use of the `-T, --token` flag and configuration files (`crowdin.yml`) to provide Crowdin API tokens. While it describes how to use these credentials, it does not include hardcoded secrets.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. It involves downloading strings and context from Crowdin (`crowdin context download`) for the AI agent to process and enrich. If the source content in Crowdin is attacker-controlled, it could contain instructions designed to influence the agent's behavior.
  - Ingestion points: Data enters the context via `crowdin-context.jsonl` files downloaded from the Crowdin API.
  - Boundary markers: The data is structured in JSONL format, but no specific prompt delimiters or instructions to ignore embedded commands are described.
  - Capability inventory: The skill allows file reading/writing and execution of the `crowdin` CLI.
  - Sanitization: No explicit sanitization or validation of the downloaded source text is mentioned.