text-agent-to-nova-sonic-voice
Warn
Audited by Snyk on Jun 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The README includes a Kiro sample prompt that tells the skill to fetch and parse a GitHub URL at runtime (https://github.com/strands-agents/samples/blob/main/python/04-industry-use-cases/finance/personal-finance-assistant/lab3-multi-agent-orchestration.ipynb), and that fetched content is described as being used to extract the system prompt and tools which directly control the generated voice-agent prompts — a runtime fetch that can alter agent instructions.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata