orca-per-workspace-env

Warn

Audited by Snyk on Jul 1, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The provided scripts read and clone the repository at runtime from the repo URL (e.g. "https://host/org/repo.git") and then build and run its code (pnpm builds and pnpm exec orca-dev serve), so external repository content fetched during runtime directly controls executed code and is a required dependency.

Issues (1)

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 1, 2026, 05:13 AM
Issues
1
Security Audit — snyk — orca-per-workspace-env