First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
4
Score
100/100
Findings (4)
Detects pip install of arbitrary packages that modify the host environment
pip install dePin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.
Likely FP if the match is in documentation showing how to install the skill's own PyPI package.
Detects references to raw.githubusercontent.com on mutable branches like main/master
github.com/echology-io/decompose/blob/main/src/decompose/mcp_server.py#L19-L49).Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.
Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.
Detects skills where user-provided URLs are consumed and processed by the agent
fetch user-specified URLValidate and sanitize user-provided URLs before fetching them. Implement URL allowlisting, block private/internal IP ranges, and treat fetched content as untrusted data.
Likely FP if the skill is a web browser or URL fetcher where consuming user-provided URLs is the documented core feature with appropriate sandboxing.
Detects references to raw.githubusercontent.com on mutable branches like main/master
github.com/echology-io/decompose/blob/main/.github/workflows/publish.yml))Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.
Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.