skills/netresearch/skill-repo-skill/skill-repo/Snyk

skill-repo

Warn

Audited by Snyk on May 12, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The SR-34 LLM review prompt explicitly directs the runner to fetch and read https://raw.githubusercontent.com/netresearch/skill-repo-skill/main/docs/ARCHITECTURE.md at runtime to determine CI workflow behavior, meaning an external URL is fetched during skill runtime and its content directly controls the review instructions.

Issues (1)

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 12, 2026, 04:59 PM

Issues

1