The Agent Skills Directory

SAFE (SAFE): No malicious patterns or security vulnerabilities were detected in the skill files. The implementation adheres to official documentation for internationalization in Next.js.
Dynamic Resource Loading (LOW): The skill utilizes dynamic imports to load translation files based on the requested locale. While dynamic execution is usually a concern, this implementation is safe because the input is validated against a static whitelist of supported locales.
Evidence: In examples/i18n/request.ts, the locale variable is verified using hasLocale(routing.locales, requested) before being used in the dynamic import() statement for the JSON message files.
Indirect Prompt Injection Surface (INFO): The skill configures an application to ingest external data from JSON translation files. In typical usage, these are trusted static files, but if they were sourced from an untrusted API, they could theoretically influence agent behavior if the agent reads the application output.
Ingestion point: messages/${locale}.json (referenced in examples/i18n/request.ts).
Capability inventory: Display only; no side-effect capabilities are granted to the translation engine.

next-intl-app-router