quicktype
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's CLI accepts arbitrary HTTP/HTTPS URLs as the "file" argument (see scripts/quicktype.py parser and the check that only distinguishes URLs by startswith("http://","https://")) and passes that URL to quicktype to fetch and generate types, so it directly ingests and interprets untrusted public web content.
Audit Metadata