app-localization
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill includes instructions for AI-powered translation of string values extracted from the project. This creates a surface for indirect prompt injection if a malicious user or contributor places instructions within the English source strings.
  - Ingestion points: .strings files and .swift source files in the target module.
  - Boundary markers: None identified for the AI translation step.
  - Capability inventory: Local file read/write, shell execution of grep, and tuist generate.
  - Sanitization: None.
- [COMMAND_EXECUTION] (LOW): The skill utilizes standard development tools like grep and tuist, and executes locally provided Python scripts. All operations are restricted to the local filesystem and serve the primary function of localization management without involving network requests or privilege escalation.
Audit Metadata