json-ld-schemas
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill's components are designed to process untrusted external data that enters the agent context via props.
  - Ingestion points: The components 'ServiceJsonLd', 'ProductJsonLd', 'FAQPageJsonLd', and 'BreadcrumbJsonLd' ingest untrusted data from external objects (service, programme, faqs, items).
  - Boundary markers: Absent; there are no delimiters or 'ignore embedded instructions' warnings for the processed data.
  - Capability inventory: The skill possesses the capability to execute client-side scripts by injecting content into the DOM via 'dangerouslySetInnerHTML'.
  - Sanitization: Absent; the implementation relies on 'JSON.stringify', which does not escape HTML-sensitive characters like the '<' in '</script>', enabling script breakout.
- [Dynamic Execution] (HIGH): The 'JsonLd' component in 'components/seo/JsonLd.tsx' utilizes 'dangerouslySetInnerHTML' to inject the result of 'JSON.stringify(data)' into a script tag. This is a classic XSS vulnerability surface because a malicious string containing 'alert(1)' will successfully terminate the current script block and execute the injected script.
Recommendations
- AI detected serious security threats
Audit Metadata