The Agent Skills Directory

[COMMAND_EXECUTION]: The skill relies on the execution of multiple npx intl shell commands to manage translations, build dictionaries, and configure project settings.
[EXTERNAL_DOWNLOADS]: The skill utilizes npx to fetch and execute a package named intl from the public npm registry. The use of a highly generic package name increases the risk of executing unintended or malicious code if a name collision occurs or if a malicious package shadows the intended tool.
[REMOTE_CODE_EXECUTION]: The skill supports dynamic code generation through the npx intl build command. This process generates executable JavaScript and TypeScript files (built.js, types.ts) from YAML source files. This includes the conversion of user-provided string templates and !js tagged functions into application code, creating a vector for code injection if source files are manipulated.
[DATA_EXFILTRATION]: The skill transmits project-specific data, including translation keys, values, and descriptive "context" strings, to OpenAI's external APIs for automated translation processing.
[PROMPT_INJECTION]: The skill exhibits a surface for Indirect Prompt Injection (Category 8) as it processes external, potentially untrusted data that is used to influence LLM outputs.
Ingestion points: Untrusted data enters the workflow via npx intl add, set, and context commands which store data in YAML files (e.g., context.yaml).
Boundary markers: There are no explicit boundary markers or instructions described to prevent malicious content within the translation strings from overriding the translation engine's behavior.
Capability inventory: The agent has the capability to execute shell commands (npx) and write generated code to the project directory.
Sanitization: No evidence of sanitization or validation is provided for the input strings processed by the translation CLI.

svintl