Skills
skills/levnikolaevich/claude-code-skills/ln-741-linter-configurator/Snyk

ln-741-linter-configurator

Fail

Audited by Snyk on May 7, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The prompt explicitly claims it "Does NOT: Modify source code" but later instructs modifying source (e.g., adding # noqa: C901 and manual file-by-file fixes), which is a deceptive contradiction outside the skill's stated scope.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the worker to fetch missing template files via WebFetch from the public URL https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, meaning the agent will ingest public, user-hosted content (raw GitHub) that is untrusted and can alter configuration and runtime actions (templates, install commands, lint scripts) used by the skill.

Issues (2)

E004
CRITICAL

Prompt injection detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
May 7, 2026, 03:01 PM
Issues
2