json-flat-tool
Warn
Audited by Snyk on Mar 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The tool explicitly reads arbitrary JSON from stdin or files (read_json and parse_value/@file), and the SKILL.md workflow even shows piping curl output into it (e.g., "curl https://api.example.com/data | ... jstool ..."). Untrusted public or user-generated JSON can therefore be ingested and used (e.g., schema inference, find, and merge/set operations that modify files), which could materially influence its behavior or subsequent file changes.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata