jq-json-processing
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a reference for the jq utility. All provided commands and examples are standard for JSON querying, filtering, and transformation. There are no signs of obfuscation, data exfiltration, or malicious intent.- [INDIRECT_PROMPT_INJECTION]: The skill involves processing data from external sources (such as API responses from curl or file contents), which theoretically allows for indirect prompt injection if the processed data contains instructions interpreted by the agent. However, this is an inherent characteristic of data processing tools rather than a specific vulnerability in the skill itself.
- Ingestion points: JSON data from files (SKILL.md) and stdin from external commands.
- Boundary markers: None present.
- Capability inventory: Bash(jq), Bash(cat), Read, Write, Edit, Grep, Glob.
- Sanitization: No explicit sanitization or instruction to ignore embedded commands is provided.
Audit Metadata