skills/maxvaega/skillkit/json-parser/Gen Agent Trust Hub

json-parser

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [Data Exposure & Exfiltration] (HIGH): The skill accepts arbitrary file paths as input via the $ARGUMENTS variable in SKILL.md. This allows an attacker to trick the agent into reading sensitive files such as credentials, configuration files, or private keys by specifying them as the parsing target.
  • [Indirect Prompt Injection] (HIGH): As a tool that parses external JSON data, it acts as a primary vector for indirect prompt injection.
      1. Ingestion points: Raw JSON input or files specified by path provided via $ARGUMENTS.
      2. Boundary markers: No delimiters or instructions to ignore embedded instructions are specified in the usage instructions.
      3. Capability inventory: Reading and processing local file content as described in the Capabilities section.
      4. Sanitization: No sanitization or validation of the input content beyond JSON structure/schema is mentioned, allowing malicious instructions within the JSON to influence agent behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:49 PM