compile
Warn
Audited by Snyk on Apr 6, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The headless compile script (scripts/compile.sh) makes runtime calls to external LLM endpoints—e.g. https://api.anthropic.com/v1/messages and https://api.openai.com/v1/chat/completions—and writes the model responses directly into .agents/compiled articles, so remote responses can directly control agent-visible instructions/content.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata