language-audit
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local script
language-router.py --action scoreto evaluate the quality of translated content against brand standards. This appears to be a legitimate internal utility for the skill's operation. - [SAFE]: The skill reads application-specific configuration and brand profiles from
~/.claude-marketing/to establish the necessary context for auditing. This access is limited to the skill's own data directory and follows standard practices for context-aware agents. - [PROMPT_INJECTION]: The skill demonstrates an attack surface for indirect prompt injection as it is designed to ingest and parse untrusted data from external websites and sitemaps. While this is the primary function of the audit tool, it lacks explicit sanitization.
- Ingestion points: External content assets, HTML source code, and sitemaps are ingested from user-provided URLs in
SKILL.md(Process Step 2 and 3). - Boundary markers: No specific boundary markers or 'ignore' instructions are used to delimit external content from the agent's instructions.
- Capability inventory: The skill is limited to analysis and reporting; it does not possess capabilities for file modification, network exfiltration, or system-level command execution beyond the scoring script.
- Sanitization: The instructions do not describe any sanitization or validation of the ingested content prior to analysis.
Audit Metadata