Skills
skills/pivanov/ai-skills/ask-json/Gen Agent Trust Hub

ask-json

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch the @pivanov/claude-wire package. This is a vendor-owned resource provided by the author to support the skill's functionality.
  • [COMMAND_EXECUTION]: Instructions direct the agent to execute the claude-wire CLI tool via Bash to process user prompts and JSON schemas.
  • [REMOTE_CODE_EXECUTION]: The use of npx involves downloading and executing remote code from a versioned npm package. This is the intended distribution method for the vendor's tool.
  • [PROMPT_INJECTION]: The skill processes untrusted input. 1. Ingestion points: User input passed via --prompt and data read from --schema-file or stdin. 2. Boundary markers: None explicitly defined. 3. Capability inventory: The tool performs an LLM call via the vendor's API but has no access to the local file system or network for tool use. 4. Sanitization: Output is strictly validated against a JSON schema.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 09:58 PM