json-render-react-email
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is primarily documentation and does not include any scripts or configuration files that execute commands or access sensitive system resources. All referenced libraries are legitimate vendor resources from @json-render or well-known projects like React Email.\n- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by ingesting and rendering JSON specifications.\n
- Ingestion points: The spec element tree is ingested by rendering functions (SKILL.md).\n
- Boundary markers: Data is constrained by a structured JSON element tree schema.\n
- Capability inventory: The skill generates HTML/text output and supports expression evaluation for visibility and state.\n
- Sanitization: The library uses Zod for prop validation and schema enforcement, and provides a Markdown component for safe HTML conversion.
Audit Metadata