skills/levnikolaevich/claude-code-skills/ln-402-task-reviewer/Snyk

ln-402-task-reviewer

Warn

Audited by Snyk on Apr 25, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). This skill explicitly falls back to fetching reference files via WebFetch from the public URL https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path} when local shared/ is missing, and those externally loaded "MANDATORY READ" reference files are parsed and used to drive review decisions and verdicts.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.80). The skill explicitly says if local shared/ is missing to fetch files at runtime via https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those mandatory "MANDATORY READ" reference files are loaded at runtime to drive the agent's review instructions and behavior, so this is a runtime external dependency that directly controls agent prompts.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 25, 2026, 07:28 PM

Issues

2