multi-surface-render
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a collection of documentation and architectural rules for using the json-render library. It does not contain executable malicious code or instructions to bypass safety filters.
- [SAFE]: Ingestion of external rendering specifications is mitigated by the mandatory use of a shared catalog defined with Zod schemas, which ensures that only valid, predefined component types and props are processed.
- [SAFE]: No evidence of data exfiltration, credential harvesting, or obfuscation was found. The code examples demonstrate standard use of rendering APIs such as react-pdf and react-email.
- [SAFE]: The skill explicitly advises against insecure patterns such as using full-browser environments like Puppeteer for server-side PDF or image generation, recommending lightweight native rendering libraries instead.
Audit Metadata