localization-testing
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it is designed to ingest and process untrusted external data, such as translation files (JSON), source code (JavaScript), and HTML content for RTL and Unicode validation.
  - Ingestion points: Untrusted translation strings, locale-specific samples, and HTML snippets processed during automated testing (referenced in SKILL.md and evals/localization-testing.yaml).
  - Boundary markers: The instructions lack specific guidance on using secure delimiters or instructions for the agent to ignore embedded commands within the processed data.
  - Capability inventory: The skill coordinates multiple agents (qe-test-generator, qe-test-executor) that perform code generation and execution, which could be manipulated by adversarial patterns in the input content.
  - Sanitization: There is no documentation or instruction for sanitizing, escaping, or validating the external content before it is interpolated into agent prompts or testing workflows.
Audit Metadata