ln-830-code-modernization-coordinator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs that if shared/ is missing it should "fetch files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}", and it also marks several shared/references/*.md as "MANDATORY READ", meaning the agent will fetch and interpret public GitHub raw content (untrusted third‑party content) as part of its runtime behavior which can materially influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs that if shared/ is missing it will WebFetch required reference files at runtime from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those mandated reads (runtime contracts/protocols) directly influence agent prompts/behavior, so this is a runtime external dependency that can control instructions.