ln-628-concurrency-auditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL explicitly instructs the agent to WebFetch mandatory "shared" reference files from a public GitHub raw URL (https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}), which are untrusted third‑party files the worker must read and which can materially influence detection, scoring, and reporting behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill will fetch required “shared/references/…” files at runtime from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those fetched documents are mandatory reads that directly control the worker’s instructions/behavior, so this is a runtime external dependency that influences prompts.