skogai-jq
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes local
jqfilters via the-fflag and includes shell scripts (test.sh) for validation and testing. - [COMMAND_EXECUTION] (LOW): Vulnerability surface for Indirect Prompt Injection. 1. Ingestion points: External JSON data provided via stdin or local files. 2. Boundary markers: Uses jq
--argand--argjsonflags to isolate data from logic. 3. Capability inventory: Performs data manipulation usingjqwithin shell subprocesses. 4. Sanitization: Employs structured parameter passing to prevent injection into the transformation filters.
Audit Metadata