polyglot
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate instructional content for internationalization and localization using well-known, industry-standard libraries and APIs. No malicious intent or hidden code was detected.
- [SAFE]: Network operations mentioned in the documentation, such as TMS (Translation Management System) integration and CDN-level locale routing, are standard architectural components for global applications and do not involve unauthorized data exfiltration.
- [SAFE]: The skill identifies a surface for Indirect Prompt Injection when using AI-powered translation pipelines to process untrusted source text. It mitigates this risk by recommending human review for safety-critical content and providing structural guidelines for translation consistency.
  - Ingestion points: Source code strings (JSX/HTML), user-supplied UI copy, and external translation files (SKILL.md).
  - Boundary markers: Recommends pseudo-localization with bracket wrapping to identify boundary issues (references/rtl-support.md).
  - Capability inventory: File system write operations for translation assets and network-based TMS synchronization (SKILL.md).
  - Sanitization: Emphasizes framework-level escaping and the use of ICU MessageFormat over string concatenation to prevent structural manipulation during translation (SKILL.md, references/icu-message-format.md).
- [SAFE]: No hardcoded credentials, sensitive file access, or privilege escalation patterns were found. Placeholders used in documentation (e.g., for GitHub Action secrets) follow security best practices.