skills/fradser/dotclaude/design-md/Snyk

design-md

Warn

Audited by Snyk on Jun 16, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The skill mandates running the remote package via "npx @google/design.md@latest spec --rules" at runtime to fetch an authoritative spec that is then injected into agent prompts and treated as canonical, so external content fetched from npm directly controls prompts and is a required dependency.

Issues (1)

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 16, 2026, 05:42 AM

Issues

1

Security Audit — snyk — design-md