json-render-react
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No security issues detected. The skill provides technical instructions for a legitimate React UI rendering framework.- [PROMPT_INJECTION]: The skill defines a framework for rendering JSON specifications, which introduces a surface for indirect prompt injection if those specifications are sourced from untrusted APIs or generated by AI.
- Ingestion points: The
Renderercomponent via thespecprop and theuseUIStreamhook which fetches from an external API endpoint. - Boundary markers: None identified in the provided documentation to distinguish between UI structure and embedded instructions.
- Capability inventory: Includes state mutations (
setState,pushState,removeState), form validation, event emission, and the execution of registered functions via the$computedexpression. - Sanitization: The documentation does not specify input validation or sanitization mechanisms for the processed JSON specifications.
Audit Metadata