ln-913-community-debater
Warn
Audited by Snyk on May 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's Phase 0 "MANDATORY READ" steps and the top-level fallback explicitly instruct the agent to fetch public files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path} and to load target-repository docs, meaning it ingests untrusted, user-generated GitHub content that can materially influence decisions (repo IDs, categories, discussion text, and publishing actions).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches required "MANDATORY READ" files at runtime from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those fetched documents (formatting, discovery, humanizer checklist) directly control the agent's prompt/instruction generation, so remote content can alter or control behavior.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata