skills/pivanov/ai-skills/ask-json/Snyk

ask-json

Warn

Audited by Snyk on May 8, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly invokes "npx @pivanov/claude-wire@^0.1.5" at runtime, which fetches and executes remote npm package code (the ask-json CLI) as a required dependency, so the external package can control prompts/behavior.

Issues (1)

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 8, 2026, 09:57 PM

Issues

1