deployment
Warn
Audited by Snyk on Jun 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's workflows explicitly pull and execute remote GitHub Actions at runtime (e.g., https://github.com/digitalocean/app_action referenced as uses: digitalocean/app_action/deploy@v2 and actions/checkout@v4) and also documents running a debug container image pulled from GHCR (ghcr.io/bikramkgupta/do-app-debug-container-python:latest), both of which fetch and execute remote code during runs.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata