AGENT LAB: SKILLS

transcript-fixer

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). Yes — two of the links are direct install scripts (install.sh and install.ps1) hosted on an unrecognized domain (astral.sh) and promoted with curl | sh / PowerShell | iex (classic high-risk remote-install pattern); open.bigmodel.cn may be an API portal but does not mitigate the danger of running unreviewed remote scripts, so this combination is suspicious.
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 15, 2026, 08:28 PM