skills/event-catalog/skills/code-to-catalog/Snyk

code-to-catalog

Warn

Audited by Snyk on May 26, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.70). The skill (via the handoff to catalog-documentation-creator) may run npx to fetch and execute remote code—e.g., "npx @eventcatalog/create-eventcatalog@latest" (see https://www.npmjs.com/package/@eventcatalog/create-eventcatalog) which is a runtime fetch-and-execute of external code.

Issues (1)

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 26, 2026, 12:51 PM

Issues

1

Security Audit — snyk — code-to-catalog