gpc-ci-integration
Fail
Audited by Snyk on Apr 26, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). Suspicious: this is a raw GitHub-hosted shell install script (install.sh) from an unverified user/repo (yasserstudio/gpc) and is commonly used with curl|bash which runs arbitrary remote code — verify provenance, inspect the script, and prefer pinned releases or official package channels before executing.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs a remote install script at runtime via curl -fsSL https://raw.githubusercontent.com/yasserstudio/gpc/main/scripts/install.sh | bash, which fetches and immediately executes remote code as a required installation option for the standalone-binary CI flow.
Issues (2)
- CRITICAL E005: Suspicious download URL detected in skill instructions.
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).