Localization Helper
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill has a significant attack surface because it reads untrusted source code and also has access to an Edit tool.
- Ingestion points: Uses Read, Grep, and Glob to ingest content from the application source files.
- Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from obeying instructions embedded within the processed code.
- Capability inventory: The Edit tool allows the agent to modify the file system directly.
- Sanitization: No sanitization or validation of the ingested content is performed before processing or writing.
Recommendations
- AI detected serious security threats