skills/iuliandita/skills/localize/Gen Agent Trust Hub

localize

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains instructions that direct the agent to override or ignore specific formatting constraints defined in other project configuration files (e.g., CLAUDE.md, AGENTS.md, .cursorrules). Specifically, it states that ASCII-only rules should not apply to locale catalogs. While functional for translation tasks, this represents a deliberate override of established project rules.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality involves reading and processing external, potentially untrusted data from a codebase.
      • Ingestion points: The agent reads various source code files (e.g., *.tsx, *.jsx, *.ts, *.vue, *.html) in the src/ directory via shell commands and direct inspection.
      • Boundary markers: The instructions lack explicit directives for the agent to ignore or isolate instructions that might be embedded within the strings or comments it is extracting from the code.
      • Capability inventory: The skill utilizes shell command execution (grep, wc, npm install) and provides the agent with broad access to the project structure.
      • Sanitization: No sanitization or content validation is performed on the extracted string content before the agent processes it for translation or auditing.
  • [COMMAND_EXECUTION]: The skill provides numerous pre-formatted shell commands (primarily using grep and wc) to be executed in the terminal for auditing codebases. While these commands are standard development tools, they allow the agent to perform broad filesystem searches and potentially execute commands based on file content. It also suggests installing third-party libraries via npm.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 05:53 AM