Skills
skills/metyatech/skill-code-quality-setup/code-quality-setup/Snyk

code-quality-setup

Warn

Audited by Snyk on Apr 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's agent-ruleset.json points to an external git source ("github:metyatech/agent-rules@HEAD") which compose-agentsmd is required to fetch at runtime to regenerate AGENTS.md, and that fetched rules content directly controls agent instructions, so the external repo URL is a runtime-controlled instruction source.

Issues (1)

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 9, 2026, 07:48 AM
Issues
1