dspy

Fail

Audited by Snyk on Jun 29, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The docs include dynamic code execution patterns (ProgramOfThought that "generates and executes Python code" and multiple uses of eval/exec-like evaluation in example tools), which create clear remote code execution/backdoor risk even though there is no overt data-exfiltration or credential-harvesting code shown.

Issues (1)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 29, 2026, 12:55 AM
Issues
1
Security Audit — snyk — dspy