i18n-localization
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Metadata Poisoning (MEDIUM): The skill metadata declares Read, Glob, and Grep as allowed tools, but the instruction section requires the use of python3. This discrepancy is misleading and could be used to bypass security policies that rely on metadata declarations.
- Indirect Prompt Injection (MEDIUM): The skill scans external project code (Ingestion Point: project files via project_path). The use of a Python script (Capability: Command Execution) rather than restricted tools, paired with the absence of Boundary Markers or Sanitization, creates a surface for instructions in project files to influence agent behavior.
- Command Execution (MEDIUM): The skill relies on an external script (i18n_checker.py) whose source is not provided in the skill package. This unverifiable code prevents a complete security audit and may perform unsafe operations on the host system.
Audit Metadata