Skills
skills/halt-catch-fire/skills/javascript-sdk/Snyk

javascript-sdk

Warn

Audited by Snyk on Jun 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill example includes a skill entry that points to an external document URL (https://example.com/skills/api-docs.md), which is very likely fetched at runtime and injected as reusable agent context (thereby directly controlling prompts), so this external URL is a runtime dependency that can control the agent.

Issues (1)

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 19, 2026, 02:15 AM
Issues
1
Security Audit — snyk — javascript-sdk