NYC

test-automation-expert

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The CircleCI config includes a runtime command that fetches and executes remote code via bash <(curl -s https://codecov.io/bash), meaning that at runtime the skill's CI pipeline will execute code downloaded from https://codecov.io/bash.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 15, 2026, 08:57 PM