paraglide-js-internationalization-i18n
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The 'Memory Protocol' in SKILL.md introduces a surface for indirect prompt injection.
- Ingestion points: The agent is instructed to read historical context from .claude/context/memory/learnings.md using cat.
- Boundary markers: No explicit delimiters or instructions to ignore nested directives are provided for the ingested content.
- Capability inventory: The skill utilizes Read, Write, and Edit tools, which could be influenced by injected content.
- Sanitization: There is no process to validate or sanitize the data retrieved from the memory file.
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @inlang/paraglide-js package from the npm registry.
- [COMMAND_EXECUTION]: The SKILL.md file contains instructions to execute the cat command to retrieve local context files as part of its state management protocol.
Audit Metadata