ln-161-skill-creator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt does not ask for user-supplied credentials, but it mandates preserving executable shell/code blocks and copying source content verbatim into generated commands, so if the source docs contain API keys, tokens, or passwords the LLM would reproduce them verbatim (exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches fallback files from a public GitHub raw URL (https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}) when local shared/ files are missing, and those fetched documents (procedural extraction rules, templates) are mandatorily read and used to drive transformation, allowed-tools detection, and command creation—allowing untrusted third-party content to influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly declares that if shared/ is missing it will fetch required files at runtime via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those fetched templates/rules (procedural extraction rules and command templates) directly control prompt/instruction generation for the agent.