json-flat-tool
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's documentation demonstrates piping data from untrusted external URLs (api.example.com) directly into a command string that invokes the python3 interpreter. This pattern is dangerous as it allows untrusted remote content to potentially influence or execute within the command-line context.
- [DATA_EXFILTRATION]: The jstool.py script includes a feature to read local file content using the '@' symbol followed by a file path. This can be used to read and expose sensitive files such as SSH keys or environment variables by loading them into the JSON data processed by the tool.
- [EXTERNAL_DOWNLOADS]: The skill documentation encourages fetching and processing data from external, untrusted sources such as api.example.com, which is not a whitelisted or trusted vendor.
- [PROMPT_INJECTION]: The tool is vulnerable to indirect prompt injection because it processes untrusted data from external sources without proper sanitization or boundary markers.
  - Ingestion points: The jstool.py script reads JSON data from stdin and from specified file paths.
  - Boundary markers: There are no delimiters or specific instructions to ignore embedded commands within the ingested data.
  - Capability inventory: The script can read and write files on the local filesystem using the open() function.
  - Sanitization: Input is parsed with json.loads(), but no content-level validation or filtering is performed.
Recommendations
- HIGH: Downloads and executes remote code from: https://api.example.com/data - DO NOT USE without thorough review
- AI detected serious security threats