json-render-react-native
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design. It allows rendering mobile UIs from JSON specifications provided at runtime or streamed from an external API via the useUIStream hook.
- Ingestion points: The Renderer component accepts a spec object, and the useUIStream hook fetches specs from a provided API endpoint (SKILL.md).
- Boundary markers: No explicit boundary markers or 'ignore embedded instructions' warnings are documented for the UI specifications.
- Capability inventory: The skill supports dynamic actions like setState, which allows the JSON specification to modify the internal state of the application (SKILL.md).
- Sanitization: There is no mention of sanitization or content filtering for the UI specifications to prevent the rendering of deceptive or malicious interface elements.
Audit Metadata