frontend-i18n-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell scripts (
scripts/detect_i18n_profile.shandscripts/validate_i18n_basics.sh) to perform static analysis of the repository. These scripts rely on standard tools like ripgrep (rg) to identify framework usage and localizable content within the current working directory. - [DATA_EXPOSURE_AND_EXFILTRATION]: No network activity or access to sensitive configuration files (e.g., SSH keys, cloud credentials) was observed. Data collected by scripts is saved locally as i18n-profile.json to facilitate the agent's workflow.
- [INDIRECT_PROMPT_INJECTION]: As the skill involves reading and rewriting source code, it possesses an inherent surface for indirect prompt injection from repository content. This is a functional requirement for code-modifying agents and is not being exploited maliciously here.
- Ingestion points: Reads source code in src, app, pages, and components directories via ripgrep.
- Boundary markers: Relies on host agent implementation and platform-native file-edit tools.
- Capability inventory: File read/write access via host platform and local script execution.
- Sanitization: Results are processed into counts or structured JSON locally.
Audit Metadata