The skill allows arbitrary code execution and state manipulation through
Claims to do
@json-render/next: Next.js renderer that converts JSON specs into full Next.js applications with routes, pages, layouts, metadata, and SSR support.
Actually does
This skill provides a TypeScript library (`@json-render/next`) that enables developers to define Next.js application structures (routes, layouts, metadata, pages) using a JSON-like specification. It offers functions like `createNextApp` and components such as `Page` and `NextAppProvider` to render this specification within a Next.js application, supporting server-side rendering, data loading, and client-side navigation. It does not directly call external tools, access data, run commands, or contact URLs itself, but facilitates these actions within the generated Next.js application.
The skill allows defining server-side asynchronous functions (`loaders`) that execute arbitrary code before rendering. If an attacker can influence the `spec` (e.g., via AI prompt injection), they can inject malicious code into these loaders, leading to command execution or data exfiltration.
loaders: { loadPost: async ({ slug }) => { const post = await getPost(slug as string); return { post }; } }
The skill is designed for 'AI-generated multi-page applications' and provides a `schema` for 'AI catalog generation'. This implies an AI might produce the `NextAppSpec`, creating a supply chain vulnerability where a compromised AI could generate malicious `loaders` or configurations.
description: 'creating AI-generated multi-page applications.', 'schema -- Custom schema for Next.js apps (for AI catalog generation)'
The skill allows defining and manipulating global application state via the `state` field and built-in actions (`setState`, `pushState`, `removeState`). If an attacker can inject into the `spec` or control action parameters, they could poison the application's state, leading to data corruption or unintended behavior.
`state`: Global initial state shared across all routes, Built-in Actions: `setState`, `pushState`, `removeState`