image-gen

Fail

Audited by Snyk on Jul 8, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). One URL (https://astral.sh/uv/install.sh) is a direct .sh installer fetched via curl|sh — a high-risk distribution pattern for arbitrary code — while the other links point to official GitHub/Hugging Face repos that are low-risk model/package sources.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill README and setup reference an installer command that fetches and pipes a remote script to sh (https://astral.sh/uv/install.sh), which — if executed during setup — would run remote code on the host.

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 8, 2026, 03:28 AM
Issues
2
Security Audit — snyk — image-gen