First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
8
Score
77/100
Findings (8)
Detects skills fetching external URLs to use as runtime instructions
fetch template from: https://raw.githubusercontent.com + rulesPin the downloaded resource to a specific version or commit hash, and verify its integrity with a checksum (SHA-256). Avoid fetching scripts or binaries from arbitrary URLs at runtime.
Likely FP if the download URL points to a well-known CDN or package registry (e.g., npmjs.com, pypi.org) and is pinned to a specific version.
Detects patterns that check for tool existence and install if missing
If not found, fetchReplace conditional download-and-install logic with explicit dependency declarations in a manifest file (package.json, requirements.txt). Verify checksums for any runtime downloads.
Likely FP if the conditional install is documentation showing standard prerequisite checks (e.g., checking if a tool is installed before installing it).
Detects URLs fetched at runtime that control or influence agent behavior without pinning
fetch template from: https:// + templateAvoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.
Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.
Detects references to raw.githubusercontent.com on mutable branches like main/master
raw.githubusercontent.com/CrankAddict/section-11/main/Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.
Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.
Detects references to raw.githubusercontent.com on mutable branches like main/master
raw.githubusercontent.com/CrankAddict/section-11/main/Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.
Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.
Detects references to raw.githubusercontent.com on mutable branches like main/master
raw.githubusercontent.com/CrankAddict/section-11/main/Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.
Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.
Detects references to raw.githubusercontent.com on mutable branches like main/master
raw.githubusercontent.com/CrankAddict/section-11/main/Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.
Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.
Detects patterns where external API responses are used directly without validation or sanitization
API keys, LLM chat histories, or any user data + automatically unless the useValidate and sanitize all data received from external APIs before using it in tool operations or agent prompts. Implement schema validation and treat API responses as untrusted input.
Likely FP if the match is a truncated table cell or documentation fragment that mentions API responses in a descriptive context, not actual unvalidated data processing.