generate-translations
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The body of the skill instructs the agent to perform 'pnpm' and 'node' operations which are explicitly excluded from the 'allowed-tools' header (which only permits 'date' and 'mkdir'). This discrepancy suggests the skill may attempt to exceed its defined sandbox.
- REMOTE_CODE_EXECUTION (MEDIUM): The 'Scaffolding' instructions require the agent to write new code to a local file ('tools/scripts/src/generateTranslations/plugin-{name}.ts') and then run it. This 'write-then-execute' pattern is a significant security vector for arbitrary code execution.
- CREDENTIALS_UNSAFE (LOW): The skill identifies 'OPENAI_KEY' as a required environment variable. While no keys are hardcoded, identifying sensitive environment variables facilitates potential data exfiltration attacks.
Audit Metadata