Skills
skills/laurigates/claude-plugins/jq-json-processing/Gen Agent Trust Hub

jq-json-processing

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The documentation includes standard installation instructions using sudo apt-get install jq to set up the required utility on Linux-based systems.
  • [EXTERNAL_DOWNLOADS]: The skill provides examples of fetching data from well-known services (e.g., GitHub API) using curl to demonstrate JSON processing capabilities.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process external data, creating an indirect prompt injection surface.
  • Ingestion points: The skill processes JSON data from various files (e.g., users.json, package.json) and API responses fetched via curl or the GitHub CLI.
  • Boundary markers: There are no explicit instructions or delimiters defined in the jq command templates to prevent the agent from potentially obeying instructions embedded within the processed JSON data.
  • Capability inventory: The skill utilizes Bash(jq *), Bash(cat *), Read, Write, and Edit tools, allowing for file system and network interaction.
  • Sanitization: No data validation or sanitization of the JSON content is performed before it is passed to the processing logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 12:34 PM