dynamo-recipe-runner
Fail
Audited by Snyk on Jun 18, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). Two of the links (Intigriti page and the local 127.0.0.1 smoke-test endpoint) are low risk, but the GitHub repo and its releases (ai-dynamo) are third‑party distribution points that can host executable assets and should be treated as potentially suspicious until you verify the repository/account reputation, release contents, and cryptographic signatures.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs the agent to patch local recipe YAMLs and run kubectl apply/port-forward (and related cluster-mutating commands), which mutate the local repository and remote cluster state and therefore push the agent to change the machine/cluster state.
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata