skill-repo
Warn
Audited by Snyk on May 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's LLM-review prompt (SR-34) explicitly instructs fetching and reading external raw content from https://raw.githubusercontent.com/netresearch/skill-repo-skill/main/docs/ARCHITECTURE.md at runtime, which would inject externally hosted instructions into the model's context. The repo also mandates calling reusable GitHub Actions via uses: netresearch/skill-repo-skill/.github/workflows/validate.yml@main, which executes remote workflow code during CI. Both are runtime dependencies that can control prompts or execute code.
Issues (1)
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).