building-mobile-apps
Warn
Audited by Snyk on Jun 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs running runtime install commands (e.g.,
npx --yes skills add forcedotcom/SalesforceMobileSDK-Templates,npx --yes skills add salesforce/AgentforceMobileSDK-iOS,npx --yes skills add salesforce/AgentforceMobileSDK-Android) which fetch child-skill code from the GitHub repos (https://github.com/forcedotcom/SalesforceMobileSDK-Templates, https://github.com/salesforce/AgentforceMobileSDK-iOS, https://github.com/salesforce/AgentforceMobileSDK-Android) and then load that external content to take over prompts/workflow, meeting the criteria for a runtime external dependency that controls agent instructions.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata