The Agent Skills Directory

Prompt Injection (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were detected in the skill markdown or metadata.
Data Exposure & Exfiltration (SAFE): No hardcoded credentials (API keys, secrets) or access to sensitive local file paths (~/.ssh, .env) were found. The skill does not perform unauthorized network operations.
Obfuscation (SAFE): The skill contains no Base64, zero-width characters, homoglyphs, or other techniques designed to hide malicious intent.
Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references standard Astro framework packages. There are no patterns involving piped remote execution (e.g., curl|bash) or downloading untrusted scripts.
Indirect Prompt Injection (SAFE): While the skill handles untrusted data from URL segments and the Accept-Language header, it uses a whitelist-based validation pattern (isValidLang) that checks inputs against a static configuration object, effectively neutralizing injection risks.
Dynamic Execution (SAFE): The translation utility (t()) uses standard regular expression replacement for template variables. No use of eval(), exec(), or unsafe deserialization was observed.

astro-i18n