ln-201-opportunity-discoverer
Warn
Audited by Snyk on Apr 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's mandatory workflow repeatedly instructs the agent to run WebSearch queries (SEO/YouTube/Reddit/forum/competitor/ad searches) and to WebFetch fallback files from raw.githubusercontent.com, meaning it ingests untrusted public web and user-generated content (search results, forum/posts, YouTube comments, competitor pages) that the agent must interpret to make kill/selection decisions and drive follow-up actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill contains an explicit runtime fetch: "If
shared/is missing, fetch files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}", which will load mandatory "shared/" reference/runtime contract files at runtime and thus can directly control agent prompts/behavior.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata