ln-1000-pipeline-orchestrator
Warn
Audited by Snyk on Apr 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The orchestrator explicitly auto-discovers and parses user-controlled kanban and project files (docs/tasks/kanban_board.md and the target project's CLAUDE.md) and will WebFetch fallback files from raw.githubusercontent.com, and it uses the extracted content to determine target stage, business/technical decisions, and which Skill() actions to invoke—so untrusted third‑party content can directly influence runtime actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The SKILL explicitly falls back at runtime to WebFetch files from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path} when shared/ is missing, and those fetched "MANDATORY READ" reference files directly drive orchestration rules and agent behavior, so this remote content can control prompts/instructions during execution.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata