The skill is vulnerable to arbitrary code execution, SSRF
Claims to do
@json-render/react-pdf: React PDF renderer that generates PDF documents from JSON specs using `@react-pdf/renderer`.
Actually does
This skill is a Node.js library that processes a JSON specification (`Spec`) to generate PDF documents. It utilizes `@react-pdf/renderer` to output PDFs as an in-memory buffer, a readable stream, or directly to a file. It can potentially access external image URLs if specified within the JSON `Spec` for image components.
The skill allows defining custom React components via `defineRegistry`. If an attacker can inject malicious JSX/JavaScript into these definitions, it could lead to arbitrary code execution within the PDF rendering environment.
```tsx
const { registry } = defineRegistry(catalog, {
  components: {
    Badge: ({ props }) => (
      <View style={{ backgroundColor: props.color ?? "#e5e7eb", padding: 4 }}>
        <Text>{props.label}</Text>
      </View>
    ),
  },
});
```

The `Image` component can fetch content from arbitrary URLs. An attacker could craft a malicious PDF specification to force the rendering server to make requests to internal network resources or exfiltrate data to an external server.
| Image | Image from URL or base64 |
Maliciously crafted PDF specifications, especially those leveraging complex custom components or deeply nested structures, could lead to excessive CPU, memory, or disk usage, potentially causing a denial of service.
```ts
const spec: Spec = { ... };
defineCatalog(...);
defineRegistry(...);
```

The `Link` component allows embedding hyperlinks with arbitrary `href` values in the generated PDF. This could be used for social engineering or phishing attacks against the PDF viewer, though it does not directly impact the rendering server.
| Link | Hyperlink with text and href |