skills/heldinhow/awesome-opencode-dev-skills/awesome-copilot/Snyk

awesome-copilot

Warn

Audited by Snyk on Jun 15, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The SKILL.md explicitly instructs agents to WebFetch runtime instruction files from https://github.com/github/awesome-copilot/raw/refs/heads/main/skills/{skill-name}/SKILL.md, which means external content is fetched at runtime and directly controls agent prompts/instructions.

Issues (1)

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 15, 2026, 03:23 AM

Issues

1

Security Audit — snyk — awesome-copilot