skills/htlin222/dotfiles/quicktype/Gen Agent Trust Hub

quicktype

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS)
Full Analysis
  • DATA_EXFILTRATION (HIGH): The script allows the agent to read arbitrary files from the local filesystem by passing a file path to the quicktype command. Sensitive files like credentials or SSH keys could be exposed if processed by the tool.
  • COMMAND_EXECUTION (HIGH): The skill provides a file-write capability via the --out argument in quicktype.py. An attacker could command the agent to overwrite sensitive files like ~/.bashrc or other configuration files with the output of a transformation.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill recommends a global installation of the quicktype package, which is an unverifiable third-party dependency.
  • INDIRECT PROMPT INJECTION (HIGH): Evidence chain:
      1. Ingestion: quicktype.py accepts URLs as input for the file argument.
      2. Boundary markers: None present.
      3. Capability inventory: subprocess.run to execute the CLI and open().write() to write files.
      4. Sanitization: No sanitization of URL content or output paths is performed.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:04 AM