localization-testing
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality involves processing external, potentially untrusted content for localization and internationalization validation.\n
- Ingestion points: The skill accepts external URLs, HTML structures, and translation data in JSON format through the
Taskcall inSKILL.mdand multiple test cases (tc001, tc002, tc005) inevals/localization-testing.yaml.\n - Boundary markers: The instructions lack explicit delimitation or isolation protocols (such as XML tags or unique markers) to prevent the agent from interpreting instructions embedded within the processed translation strings or HTML content.\n
- Capability inventory: The skill utilizes agent roles for test generation (
qe-test-generator), test execution (qe-test-executor), and visual validation (qe-visual-tester). It also references the use of system tools likejqin its validation configuration.\n - Sanitization: No evidence was found of sanitization, filtering, or validation logic that would strip potential prompt injection payloads from the incoming translation data or external HTML before they are processed by the agent.
Audit Metadata