localization-maestro
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script performs standard filesystem operations using Node.js
fsandpathmodules. It reads directory structures and file contents within a user-specified path to identify localization patterns. No shell commands, subprocesses, or arbitrary command execution patterns were detected. - [REMOTE_CODE_EXECUTION]: There is no evidence of dynamic code evaluation or remote script loading. The skill uses a local dependency (@agent/core) and does not utilize
eval(),exec(), or similar dangerous functions. - [DATA_EXFILTRATION]: The skill does not contain any network-related code (e.g.,
fetch,http.get,curl). It operates entirely on the local filesystem and provides an option to save its findings to a local output file using a secure-io utility. - [PROMPT_INJECTION]: The skill instructions in
SKILL.mdare focused on functional tasks and do not contain patterns intended to bypass safety guardrails or override system prompts. - [EXTERNAL_DOWNLOADS]: No external URLs or remote resource fetching were found in the scripts or configuration files.
- [CREDENTIALS_UNSAFE]: The analysis did not reveal any hardcoded API keys, tokens, or access to sensitive environment configuration files like
.envor SSH keys.
Audit Metadata