i18n
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a read-only auditor, using a restricted toolset consisting of Read, Glob, and Grep. It does not possess capabilities for network communication, file system modification, or process execution, which effectively prevents malicious actions like data exfiltration or persistence.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface due to its requirement to ingest external data (source code and localization files) that could contain malicious instructions. However, the risk is mitigated by the highly restricted execution environment.
  - Ingestion points: Reads package.json, localization files (.json, .po, .yaml), and source code (.jsx, .tsx, .vue).
  - Boundary markers: Absent; the agent reads raw file content as part of the audit process.
  - Capability inventory: Limited to file-system read tools; no write, network, or arbitrary command execution tools are authorized.
  - Sanitization: Content is not sanitized, which is typical for code-analysis tasks that require parsing raw text.
Audit Metadata