span-convention-review
Warn
Audited by Snyk on Apr 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs runtime WebFetch to retrieve live Sentry and OTel convention pages (e.g., https://develop.sentry.dev/sdk/telemetry/traces/modules/ai-agents/ and https://opentelemetry.io/docs/specs/semconv/gen-ai/), and those fetched documents are required at runtime and directly control the agent's review prompts/behavior.
Issues (1)
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata