andocs
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime fetch-and-execute dependencies: the installer command "curl -fsSL https://bun.sh/install | bash" (fetches and executes remote code) and Andocs auto-injecting the Tailwind CDN script "https://cdn.jsdelivr.net/npm/@tailwindcss/browser@4" into prototype iframes (remote script executed at runtime), both of which are required for the skill to run.
Audit Metadata