skills/vinta/hal-9000/second-opinions/Snyk

second-opinions

Warn

Audited by Snyk on Apr 22, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs runtime installation of Gemini CLI extensions from GitHub (e.g. https://github.com/gemini-cli-extensions/code-review and https://github.com/gemini-cli-extensions/security), which fetch and install remote code that alters the CLI's behavior and thus can directly control prompts/execution used by the skill.

Issues (1)

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 22, 2026, 06:08 AM

Issues

1