video-script
Warn
Audited by Snyk on Jun 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to a third-party chat/completions endpoint (e.g. https://api.xiaomimimo.com/v1 -> normalized to .../chat/completions and token-plan variants like https://token-plan-cn.xiaomimimo.com/v1) via api_call/urllib at runtime to obtain LLM responses (used by review.py and other flows), so external content directly influences agent outputs/decisions.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata