Skills
skills/thinkfleetai/thinkfleet-engine/jq-json-processor/Gen Agent Trust Hub

jq-json-processor

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents the use of shell commands to process JSON data. This includes examples of reading from and writing to local files using redirection and move operations (e.g., modifying 'package.json').
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted data from external sources.
  • Ingestion points: Reads data from local JSON files (e.g., 'users.json', 'people.json') and remote API responses via 'curl'.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided examples.
  • Capability inventory: The skill utilizes subprocess execution for 'jq' and 'curl', and shell capabilities for file system access (read/write).
  • Sanitization: There is no evidence of input validation or sanitization of the JSON content before processing.
  • [EXTERNAL_DOWNLOADS]: The skill demonstrates the use of 'curl' to fetch data from external endpoints, such as the official GitHub API. These references target well-known and trusted services.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 05:14 AM