skills/levnikolaevich/claude-code-skills/ln-621-security-auditor/Snyk

ln-621-security-auditor

Warn

Audited by Snyk on May 7, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch missing shared/ files via WebFetch from the public URL https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, which is an open third‑party source that the agent must read and whose contents can materially influence its audit decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs that if shared/ is missing it must fetch required reference files at runtime from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those fetched documents are mandatory reads that directly control the agent's audit behavior and prompts.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 7, 2026, 06:33 AM

Issues

2