orca-per-workspace-env
Warn
Audited by Snyk on Jul 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The provided scripts read and clone the repository at runtime from the repo URL (e.g. "https://host/org/repo.git") and then build and run its code (pnpm builds and pnpm exec orca-dev serve), so external repository content fetched during runtime directly controls executed code and is a required dependency.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata