session-commit
Warn
Audited by Snyk on Mar 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The README includes explicit runtime/install-time fetches of remote prompt/command files that would directly control agent behavior (e.g., curl to https://raw.githubusercontent.com/olshansk/agent-skills/main/skills/session-commit/commands/session-commit.md and gemini's install from https://github.com/olshansk/agent-skills), so external content can be fetched and injected as agent instructions.
Audit Metadata