ln-512-tech-debt-cleaner
Warn
Audited by Snyk on Apr 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly falls back to fetching files from the public raw.githubusercontent.com URL when shared/ is missing and requires "MANDATORY READ" of several shared/references files (e.g., mcp_tool_preferences.md, clean_code_checklist.md, ci_tool_detection.md) which the agent must parse and which directly influence verification, tool choice, and edit/apply decisions, exposing it to untrusted third-party content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs at runtime to fetch required "shared" reference files via https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those fetched documents are labeled "MANDATORY READ" (they directly guide verification and editing behavior), so remote content would control agent instructions at runtime.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata