web-i18n-next-intl
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation and code patterns for implementing internationalization using
next-intl. The instructions emphasize security best practices, such as validating locale parameters against a whitelist and using type-safe translation keys. - [DATA_EXPOSURE]: The skill demonstrates dynamic loading of translation files using the
import()function. The provided examples include critical validation logic that checks the requested locale against a hardcoded list of supported locales (routing.locales), which effectively prevents path traversal or unauthorized file access. - [INDIRECT_PROMPT_INJECTION]: The skill describes patterns for interpolating external data into translations. It explicitly addresses the risk of Cross-Site Scripting (XSS) when using raw HTML output (
t.markup) and provides clear instructions on using sanitization libraries to mitigate these risks. Boundary markers are not explicitly defined, but the guidance on structured interpolation reduces the risk of malicious instructions affecting the application logic. - [COMMAND_EXECUTION]: No shell command execution or subprocess spawning patterns were detected. The skill focuses entirely on application-level internationalization logic within the Next.js framework.
Audit Metadata