sparkfinderoven-r01-security-compliance-skills

Fail

Audited by Snyk on May 29, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). Moderate-to-high risk: the package instructs cloning/running code from two GitHub repos owned by unfamiliar individual accounts (low‑reputation GitHub sources are common vectors for malicious scripts), while the other links (ara.so, your-org.atlassian.net, and the Slack webhook) are not direct downloads but include a sensitive webhook placeholder that should be treated as a secret.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (2)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • W021 (MEDIUM): Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata
Risk Level: CRITICAL
Analyzed: May 29, 2026, 05:15 PM
Issues: 2