sauve-jazz-extension
Warn
Audited by Snyk on Mar 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's opencode command will run a shell installer at runtime using: curl -fsSL https://raw.githubusercontent.com/Alcyone-Labs/skill-forge/main/install.sh | bash -s -- sauve-jazz-extension, which fetches remote code and immediately executes it, making it a high-confidence runtime dependency that can run arbitrary code.
Audit Metadata