unjs-unifont

Warn

Audited by Snyk on Jun 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). The required workflow for this skill is to resolve fonts via providers (e.g., providers.npm() / providers.google()), which at runtime fetches remote font/package metadata and/or font files from external sources (public web/CDN or npm registries) and ingests their readable text (e.g., JSON/HTML/metadata) into the agent’s LLM context via the tool’s returned results/logs—an outsider-authored free-text path.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 23, 2026, 12:11 AM
Issues
1
Security Audit — snyk — unjs-unifont