skills/levnikolaevich/claude-code-skills/ln-130-tasks-docs-creator/Snyk

ln-130-tasks-docs-creator

Warn

Audited by Snyk on Apr 6, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs (top of SKILL.md) to fetch fallback files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path} and also mandates reading externally-fetched reference files (e.g., references/questions.md), so it will ingest public GitHub content that can influence validation, prompts, and editing logic.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.80). The skill explicitly states that if shared/ is missing it will fetch required reference files at runtime from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those "MANDATORY READ" documents are used to drive validations, placeholder handling, and interactive prompt behavior—meaning remote content directly controls agent instructions.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 6, 2026, 10:22 AM

Issues

2