nexus-vote
Warn
Audited by Snyk on May 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). At runtime the skill explicitly fetches the org's PHASE.md via the GitHub API (e.g. https://api.github.com/repos/<org.github_org>/.github/contents/profile/PHASE.md using
gh api ... | base64 -d) and uses that document to directly guide/evaluate voting instructions, so the remote content controls agent behavior.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata