jobs-create-profile
Fail
Audited by Snyk on Jun 17, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.95). These are raw shell and PowerShell installer scripts hosted in an unverified GitHub repo and the skill instructs piping them directly into bash/PowerShell (curl|bash and irm|iex), a high-risk pattern that can execute arbitrary code and is commonly used to distribute malware.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill will at runtime fetch and execute remote installer scripts (curl -fsSL https://raw.githubusercontent.com/solid-company/solid-jobs-skills/main/scripts/install-sjctl.sh | bash and irm https://raw.githubusercontent.com/solid-company/solid-jobs-skills/main/scripts/install-sjctl.ps1 | iex), so external code from raw.githubusercontent.com is executed and required to provide the sjctl dependency.
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata