roo-translation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The workflow requires the execution of a local validation script `node scripts/find-missing-translations.js` to ensure all locales are updated.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes and translates strings from project files that could contain malicious instructions.
  - Ingestion points: Local JSON translation files in `src/i18n/locales/` and `webview-ui/src/i18n/locales/`.
  - Boundary markers: No specific delimiters or instructions are provided to the agent to ignore embedded commands within the strings being translated.
  - Capability inventory: The skill allows file modification using `apply_diff` and command execution via Node.js.
  - Sanitization: No sanitization or content validation is described for the strings before they are processed by the agent.
Audit Metadata