skills/hitoshura25/claude-devtools/android-ci-tests/Snyk

android-ci-tests

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.80). The GitHub Actions workflow fetches and runs external action code at runtime (e.g. https://github.com/reactivecircus/android-emulator-runner, https://github.com/actions/checkout, https://github.com/android-actions/setup-android), which are required dependencies and result in remote code execution on the runner.

MEDIUM W013: Attempt to modify system services in skill instructions.

Attempt to modify system services in skill instructions detected (high risk: 1.00). The workflow includes a step that runs sudo to write a udev rule at /etc/udev/rules.d and reload udev (modifying system files and requiring root privileges), which explicitly alters the host machine's state.

Audit Metadata

Risk Level

MEDIUM

Analyzed

Feb 16, 2026, 01:31 PM