qemu-kvm
Warn
Audited by Snyk on Jun 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The virt-install example uses a runtime HTTP location (http://archive.ubuntu.com/ubuntu/dists/jammy/main/installer-amd64/) which will be fetched during VM creation and runs installer code from the remote source, so it is a runtime external dependency that executes remote code.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt directs privileged, system-altering operations (uses sudo, binds PCI devices to vfio, detaches devices, edits kernel boot parameters, uses virsh/virt-install and manages /var/lib/libvirt and /sys) which require root and modify the host machine's hardware/state.
Issues (2)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata