AGENT LAB: SKILLS

json-render-react

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE

Full Analysis
  • SAFE (SAFE): No malicious patterns detected. The file contains documentation and usage examples for a legitimate React UI rendering library.
  • Indirect Prompt Injection (LOW): The library renders UI based on JSON specs which could potentially come from untrusted sources (e.g., via useUIStream). This creates a vulnerability surface for indirect prompt injection within the UI context.
      • Ingestion points: Untrusted JSON specs passed to the Renderer component or fetched via useUIStream.
      • Boundary markers: None explicitly defined in the provided file, though Zod schemas are used to validate component props.
      • Capability inventory: The skill allows UI rendering, state mutation (setState), and event emitting (emit). It lacks file system, network (exfiltration), or subprocess capabilities.
      • Sanitization: Uses Zod for strict prop validation, preventing malformed data from reaching components.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 04:58 PM