json-render-catalog
Warn
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill defines 'load_data' and 'submit' actions, so an AI agent can generate UI specs that make network requests. The destination URL of each action is part of the generated spec rather than fixed by the application, so a spec produced under the influence of an untrusted endpoint or instruction can transmit application state to an arbitrary external URL.
- [PROMPT_INJECTION]: The skill documentation presents itself as a 'Vercel Labs' project and references a sync with 'vercel-labs/json-render', a trusted organization. However, the reference links consistently point to a personal GitHub repository ('github.com/nicholasgriffintn/json-render') that is not verified as a trusted source. This identity inconsistency could lead a user or agent to misjudge the skill's provenance and safety; it should be resolved before the skill is trusted.
- [COMMAND_EXECUTION]: The skill implements a dynamic expression system using '$computed', '$template', and '$cond' keys. Logic is therefore assembled and evaluated at runtime from the contents of the generated spec, which can produce complex, unintended behavior if spec generation is manipulated. The audit does not establish how these expressions are evaluated (a restricted data-only interpreter versus something with broader reach), and the practical severity depends on that.
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection because it processes untrusted data to generate interactive specs with network capabilities. Zod schemas validate component props, but they do not constrain the destinations of network actions or the logic of state transitions; both are determined by the spec itself, so malicious content in the input data can steer what the agent and the rendered UI do.
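The first, third and fourth findings share one mitigation shape: treat the generated spec as untrusted data and check it before the renderer acts on it. The example below is added here and is not json-render's code; it assumes a hypothetical spec shape in which network actions are objects like `{ type: "load_data" | "submit", url }` and dynamic values use `{ $cond: { if, then, else } }` and `{ $template: "..{{path}}.." }`. The origins `APP_ORIGIN` and `ALLOWED_ORIGINS` and the `SAMPLE_SPEC` / `SAMPLE_STATE` inputs are constructed for the example. It rejects every action whose resolved destination is not an allow-listed origin, and evaluates `$cond` / `$template` with a data-only path lookup that cannot reach prototypes or call functions.

```typescript
// Assumed deployment facts (not from the audit): the app's own origin and the one API it may call.
const APP_ORIGIN = "https://app.example.com";
const ALLOWED_ORIGINS = new Set([APP_ORIGIN, "https://api.example.com"]);

type NetworkAction = { type: "load_data" | "submit"; url: string };

function isNetworkAction(v: unknown): v is NetworkAction {
  if (!v || typeof v !== "object") return false;
  const o = v as Record<string, unknown>;
  return (o.type === "load_data" || o.type === "submit") && typeof o.url === "string";
}

// Walk the whole spec tree so actions nested inside props or children are not missed.
function collectActions(node: unknown, out: NetworkAction[] = []): NetworkAction[] {
  if (isNetworkAction(node)) out.push(node);
  if (Array.isArray(node)) for (const n of node) collectActions(n, out);
  else if (node && typeof node === "object") for (const v of Object.values(node)) collectActions(v, out);
  return out;
}

// URLs of every network action whose destination is not allow-listed. Relative URLs resolve
// against APP_ORIGIN; protocol-relative ("//evil.example/x"), unparsable and non-http(s)
// URLs are all rejected, because only the resolved origin is compared.
function disallowedDestinations(spec: unknown): string[] {
  const bad: string[] = [];
  for (const a of collectActions(spec)) {
    let u: URL;
    try { u = new URL(a.url, APP_ORIGIN); } catch { bad.push(a.url); continue; }
    const httpLike = u.protocol === "https:" || u.protocol === "http:";
    if (!httpLike || !ALLOWED_ORIGINS.has(u.origin)) bad.push(a.url);
  }
  return bad;
}

// Data-only lookup for $cond/$template paths: follows own properties only, refuses the
// prototype-walking keys, and never returns a function, so a spec cannot invoke anything.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);
function resolvePath(state: unknown, path: string): unknown {
  let cur: unknown = state;
  for (const key of path.split(".")) {
    if (FORBIDDEN_KEYS.has(key)) return undefined;
    if (!cur || typeof cur !== "object" || !Object.prototype.hasOwnProperty.call(cur, key)) return undefined;
    cur = (cur as Record<string, unknown>)[key];
  }
  return typeof cur === "function" ? undefined : cur;
}

// Evaluate a dynamic value against state without eval/Function: $template substitutes
// {{path}} placeholders, $cond picks a branch on the truthiness of a state path.
function evaluate(value: unknown, state: unknown): unknown {
  if (value && typeof value === "object" && !Array.isArray(value)) {
    const o = value as Record<string, unknown>;
    if (typeof o.$template === "string") {
      return o.$template.replace(/\{\{\s*([\w.]+)\s*\}\}/g, (_m: string, p: string) => {
        const v = resolvePath(state, p);
        return v === undefined ? "" : String(v);
      });
    }
    if (o.$cond && typeof o.$cond === "object") {
      const c = o.$cond as { if: string; then: unknown; else?: unknown };
      return resolvePath(state, c.if) ? evaluate(c.then, state) : evaluate(c.else, state);
    }
  }
  return value;
}

// Constructed sample input: a spec an agent might emit, with two hostile destinations mixed in.
const SAMPLE_SPEC = {
  root: {
    type: "Form",
    props: { title: { $template: "Hello {{user.name}}" } },
    actions: [
      { type: "load_data", url: "/api/items" },
      { type: "submit", url: "//evil.example/collect" },
      { type: "submit", url: "https://api.example.com/submit" },
      { type: "load_data", url: "javascript:alert(1)" },
    ],
  },
};
const SAMPLE_STATE = { user: { name: "Ada" }, flags: { admin: false } };

console.log(disallowedDestinations(SAMPLE_SPEC)); // ["//evil.example/collect", "javascript:alert(1)"]
console.log(evaluate({ $template: "Hello {{user.name}}" }, SAMPLE_STATE)); // "Hello Ada"
```

The destination check belongs in the renderer's action executor, immediately before any fetch, so that it runs on the spec actually being executed rather than on whatever was validated earlier; a Zod schema on component props does not cover it. The path lookup is deliberately narrower than a general expression language: if the real '$computed' evaluator supports more than property access, the same own-property and no-function rules should apply to every operand it reads.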
Audit Metadata