skills/shipshitdev/library/readme-sync/Snyk

readme-sync

Fail

Audited by Snyk on Apr 22, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

Suspicious download URL detected (high risk: 0.75). This URL points to an unfamiliar third‑party domain and an account name with no established reputation, and the skill prompt encourages using npx to fetch/run packages (which executes remote code), so it could be used to distribute malware.

Issues (1)

E005

CRITICAL

Suspicious download URL detected in skill instructions.

Audit Metadata

Risk Level

CRITICAL

Analyzed

Apr 22, 2026, 07:31 AM

Issues

1