skills/levnikolaevich/claude-code-skills/ln-002-session-analyzer/Snyk

ln-002-session-analyzer

Warn

Audited by Snyk on Apr 26, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching missing shared files via WebFetch from the public raw GitHub URL (https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}) and mandates reading shared/references/meta_analysis_protocol.md, so it ingests publicly-hosted, user-editable content that will directly influence analysis decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches runtime content from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path} (used when shared/ is missing and including the MANDATORY read shared/references/meta_analysis_protocol.md), and that fetched content directly controls agent instructions/output formatting, making it a required runtime dependency.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 26, 2026, 01:34 PM

Issues

2