analyze-agent-usage

Fail

Audited by Snyk on Jun 17, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). The raw.githubusercontent.com link is a direct install.sh (an executable shell script) from a GitHub user and is risky to curl|bash without verifying the author's reputation and script contents, while the generic github.com/org/repo URL is not itself an executable; together this is a suspicious download source unless you validate the repo and inspect the script first.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's installation step instructs running curl -fsSL https://raw.githubusercontent.com/srbouffard/arok/main/install.sh | bash, which fetches and immediately executes remote code at runtime and is a required setup dependency for the skill.

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 17, 2026, 08:07 PM
Issues
2
Security Audit — snyk — analyze-agent-usage