hyperframes-media
Warn
Audited by Snyk on Jul 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's bgm generation path installs Python packages at runtime (pipInstall of transformers/torch/google-genai etc.) which fetches and installs code from PyPI (https://pypi.org) and then spawns Python processes that execute that installed code (scripts/lib/bgm.mjs → pipInstall(...) and detached python3 runs), so it clearly fetches and executes remote code during runtime.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata