video-gen

Fail

Audited by Snyk on Jul 4, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). The URL is a direct raw.githubusercontent.com link to an install.sh (recommended to be run via curl | sh) from a non-major GitHub account/repo, which makes it high-risk because executing a remote shell script runs arbitrary code and the source may be untrusted or typosquatting.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill’s stack prerequisites include an install command that fetches and immediately executes remote code (curl -fsSL https://raw.githubusercontent.com/higgsfield-ai/cli/main/install.sh | sh), which is a required/default engine installation and therefore represents a runtime-adjacent external dependency that executes remote code.

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 4, 2026, 10:56 PM
Issues
2
Security Audit — snyk — video-gen