bg-music

Fail

Audited by Snyk on Jul 8, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). The GitHub and Hugging Face links point to expected project and model repositories (low risk), but the direct shell installer https://astral.sh/uv/install.sh is a remote .sh script referenced for curl | sh installation — a high-risk pattern because executing remote installer scripts can deliver malware or escalate compromise.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 8, 2026, 03:28 AM
Issues
2
Security Audit — snyk — bg-music