ln-120-reference-docs-creator
Warn
Audited by Snyk on Apr 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill explicitly falls back to fetching required shared templates and rules from a public GitHub raw URL (https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}) when local shared/ is missing, and those fetched files are "MANDATORY READ" and contain agent-facing metadata (SCOPE tags, NO_CODE_EXAMPLES, justification rules, MCP hints) that the agent parses to decide what ADRs/guides/manuals to create — therefore untrusted third-party content can materially influence agent decisions and tool use.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs at runtime to fetch templates via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those fetched templates/contracts are loaded and used to drive document-generation logic and agent instructions, so this is a runtime external dependency that can directly control prompts.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata