health
Warn
Audited by Snyk on May 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). collect-data.sh can invoke npx to fetch/run the external skills package "tw93/Waza" (e.g. "npx skills add tw93/Waza -a claude-code -g -y" and "npx skills path tw93/Waza"), which at runtime may download and execute remote skill scripts that directly control agent instructions — a required dependency when local helper scripts are not present.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata