querying-json
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process data from external JSON files (e.g., package.json, config files), which serve as an untrusted data entry point.
  - Ingestion points: Local JSON files accessed via jq.
  - Boundary markers: Absent; the skill does not suggest delimiters or warnings to the agent about embedded instructions in the JSON data.
  - Capability inventory: The skill explicitly suggests piping data to other command-line tools (e.g., xargs, npm info, sd, fzf), which involves subprocess execution.
  - Sanitization: No sanitization or validation of the JSON content is mentioned before it is processed or passed to other tools.
- [Data Exposure & Exfiltration] (SAFE): The skill reads local files for the purpose of context optimization. There are no patterns indicating hardcoded credentials, access to sensitive system paths (like SSH keys), or network exfiltration to untrusted domains.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references standard, well-known utilities (jq, fzf, npm, yq). It does not contain any remote script execution patterns (e.g., curl piped to bash) or installation of untrusted packages.
Audit Metadata