prd
Warn
Audited by Snyk on Mar 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The README includes a direct install command that fetches and executes remote code at runtime via curl -fsSL https://raw.githubusercontent.com/codesoda/make-prd/main/install.sh | bash (and that installer then git-clones https://github.com/codesoda/make-prd.git), so running it executes remote content required for installation.
Audit Metadata