render-json-ui
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions explicitly direct the agent to execute shell commands provided by the user to generate or refresh JSON artifacts. This creates a risk of command injection if the user provides malicious shell strings that the agent executes without validation.
- File: SKILL.md
- Evidence: "If needed, run the shell command that generates or refreshes the JSON artifact."- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes unknown and potentially untrusted JSON data to influence the generation of a declarative UI specification.
- Ingestion points: JSON files or shell command output artifacts identified by the agent (e.g., in SKILL.md step 1).
- Boundary markers: Absent. There are no instructions to use delimiters or ignore instructions embedded within the JSON data during the profiling or rendering phases.
- Capability inventory: The skill utilizes scripts/profile_json.py for file reading and relies on the agent's ability to execute shell commands (SKILL.md step 2).
- Sanitization: Absent. The profile_json.py script extracts structural evidence but does not perform sanitization of string values, which could contain malicious prompts.
Audit Metadata