ln-722-backend-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to "fetch files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}" when shared/ is missing, meaning the agent will retrieve and interpret public GitHub-hosted content as part of its workflow, which could inject instructions or change generation behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). At runtime the skill explicitly falls back to WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path} to load missing shared/reference files that contain generation rules and templates which directly influence the agent's prompts/instructions, making this a required external dependency that can control behavior.