Skills
skills/metyatech/skill-code-quality-setup/code-quality-setup/Snyk

code-quality-setup

Warn

Audited by Snyk on Mar 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill requires running compose-agentsmd which uses the agent-ruleset source "github:metyatech/agent-rules@HEAD" (e.g., Source: github:metyatech/agent-rules@HEAD/rules/global/agent-rules-composition.md) at session start to fetch/regenerate AGENTS.md, so remote GitHub content is fetched at runtime and directly controls agent rules/instructions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 2, 2026, 01:28 AM