ln-831-oss-replacer
Warn
Audited by Snyk on May 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching missing shared references via WebFetch from the public URL https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path} and marks several of those shared/reference files as "MANDATORY READ," meaning the agent will ingest and act on untrusted, user-hosted GitHub raw content that can materially change replacement decisions and tool actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill declares a runtime WebFetch fallback to https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path} to load mandatory "shared/references/..." documents (notably marked "MANDATORY READ"), so remote content from that URL is fetched at runtime and directly influences agent behavior/instructions as a required dependency.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata