od-contribute

Warn

Audited by Snyk on Jun 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill clones and reads from the live Open Design repo at runtime (git clone https://github.com/nexu-io/open-design.git) and also fetches repository content via the GitHub API (e.g. repos/nexu-io/open-design/contents/.github/ISSUE_TEMPLATE/bug-report.yml). Both are required runtime fetches, and their content (templates/issue schema) directly controls the generated PR/issue bodies and agent behavior.

Issues (1)

W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Jun 12, 2026, 09:21 PM
Issues: 1