ln-511-code-quality-checker

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly scans for and reports "hardcoded creds" and produces structured issue reports/Linear comments without any redaction rules, so it may need to include secret literals verbatim when showing offending credentials—creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly mandates fetching external public content—e.g., a fallback WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path} and required MCP Ref validation via ref_search_documentation/query-docs—which the agent must read and which can materially influence analysis and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs at runtime to "fetch files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}" when shared/ is missing, and those fetched reference files are marked MANDATORY READ and used to drive the agent's decision logic and prompts, so this URL is a runtime external dependency that controls agent instructions.