setup-putior-ci
Warn
Audited by Snyk on Mar 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The GitHub Actions workflow fetches and executes remote code at runtime — it installs the R package via install.packages("putior") (fetched from CRAN https://cran.r-project.org) and uses external actions (actions/checkout@v4 and r-lib/actions/setup-r@v2 which are retrieved from GitHub https://github.com/actions/checkout and https://github.com/r-lib/actions.setup-r) that run code, and the skill relies on putior for its functionality.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata