agenticskills
Fail
Audited by Snyk on Jun 27, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). These URLs point to an unverified third‑party GitHub repository and its raw install.sh intended to be piped to bash, which permits arbitrary code execution and is a common malware distribution vector unless you review and pin the exact commit.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly directs runtime execution of remote code via "curl -fsSL https://raw.githubusercontent.com/akillness/oh-my-gods/main/install.sh | bash", which fetches and executes an upstream installer that the skill relies on to perform the bundle install.
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata