ln-150-presentation-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly falls back to fetching documentation via WebFetch from the public URL https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/{path} (see top of SKILL.md), and those remote Markdown files are read, parsed, and injected into templates during Phase 1 and Phase 6—meaning arbitrary public (untrusted) content can directly influence what the agent builds and how it proceeds.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The SKILL explicitly says it will fetch missing templates via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/{path} at runtime, and those fetched files can include the build-presentation.js which the skill runs (node build-presentation.js), so remote content is fetched during runtime and executed.