dynamo-recipe-runner

Fail

Audited by Snyk on Jun 18, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). Two of the links (Intigriti page and the local 127.0.0.1 smoke-test endpoint) are low risk, but the GitHub repo and its releases (ai-dynamo) are third‑party distribution points that can host executable assets and should be treated as potentially suspicious until you verify the repository/account reputation, release contents, and cryptographic signatures.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs the agent to patch local recipe YAMLs and run kubectl apply/port-forward (and related cluster-mutating commands), which mutate the local repository and remote cluster state and therefore push the agent to change the machine/cluster state.

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 18, 2026, 04:34 PM
Issues
2
Security Audit — snyk — dynamo-recipe-runner