nemotron-speech
Warn
Audited by Snyk on Jun 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill contains runtime curl calls that fetch function IDs from the NVIDIA cloud functions API (https://api.nvcf.nvidia.com/v2/nvcf/functions?visibility=public,authorized), and those fetched IDs are used directly in client commands/metadata at runtime (i.e., they control the agent's invocation parameters), meeting the criteria for an external runtime dependency.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs running a privileged command ("Run
sudo chown 1000:1000 $LOCAL_NIM_CACHE") that modifies host filesystem ownership, which requests sudo-level changes to the machine state.
Issues (2)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata