gitops-workflow
Warn
Audited by Snyk on Apr 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill includes commands that fetch and execute remote content at runtime (e.g., curl -s https://fluxcd.io/install.sh | sudo bash and kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml) and also relies on Git repository URLs (https://github.com/org/gitops-repo, https://github.com/org/my-app, etc.) that ArgoCD/Flux will pull and apply. Both constitute executing remote code and depending on required external dependencies.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes an explicit "curl ... | sudo bash" installation command that requests sudo privileges to modify the local system, so it instructs privileged state-changing actions on the machine.
Issues (2)
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- MEDIUM W013: Attempt to modify system services in skill instructions.
Audit Metadata