i18n-localization
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The
i18n_checker.pyscript reads local project files for analysis but does not transmit data externally or access sensitive system directories like~/.sshor~/.aws. - [Indirect Prompt Injection] (SAFE): The script ingests untrusted data (user code and JSON locale files) to perform regex-based auditing. It lacks dangerous sinks such as shell execution, dynamic code evaluation (
eval/exec), or network requests, meaning it cannot be used as a vector for malicious payloads. - [Remote Code Execution] (SAFE): No patterns for downloading or executing remote code (e.g.,
curl | bash) were found. The skill relies on standard Python libraries (pathlib,re,json). - [Command Execution] (SAFE): The script performs filesystem reads using
pathlibbut does not invoke system shells or subprocesses. - [Metadata Poisoning] (SAFE): The skill metadata correctly reflects the tool's purpose and does not contain hidden instructions or deceptive descriptions.
Audit Metadata