codegen
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [Data Sanitization]: The skill provides the `escapeString` utility to sanitize string inputs before they are included in generated code. This is a recommended practice to prevent syntax injection or malformed code output.
- [Indirect Prompt Injection Surface]: This skill processes external UI specifications to generate code. (1) Ingestion points: the `spec` object processed in `SKILL.md`. (2) Boundary markers: no explicit boundary markers or 'ignore' instructions are included in the code snippets. (3) Capability inventory: the skill generates code strings and file objects via functions like `serializeProps` and `CodeGenerator`. (4) Sanitization: the skill provides `escapeString` and `serializePropValue` to help sanitize and format data correctly during generation.
- [Package Reference]: The documentation mentions the `@json-render/codegen` package. This is a standard library reference for the code generation functionality described and is consistent with the skill's intended purpose.
Audit Metadata