NYC

localization-engineer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is designed to manage and format translation data, which constitutes an ingestion surface for potentially untrusted content. However, the lack of executable logic in the provided files prevents this from being a viable attack vector.\n
  • Ingestion points: Local translation files and locale-specific strings.\n
  • Boundary markers: None explicitly defined in the provided documentation.\n
  • Capability inventory: The manifest identifies file modification and artifact creation as side effects.\n
  • Sanitization: No specific sanitization or escaping logic for external content is documented.\n- [Metadata] (SAFE): The manifest includes a broad list of domains (e.g., security, RAG) that appear irrelevant to localization. While technically inaccurate, this does not pose a security risk in the context of this specific skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:23 PM