Skills
skills/yasserstudio/gpc-skills/gpc-user-management/Snyk

gpc-user-management

Warn

Audited by Snyk on Apr 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill invokes npx at runtime (e.g., "npx gpc --version" in scripts/detect_gpc.mjs and "npx @gpc-cli/cli" in CI examples), which will fetch and execute packages from the npm registry (https://registry.npmjs.org) so remote code is fetched-and-run as a required dependency.

Issues (1)

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 8, 2026, 06:40 PM
Issues
1