skills/levnikolaevich/claude-code-skills/ln-520-test-planner/Snyk

ln-520-test-planner

Warn

Audited by Snyk on Apr 7, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the runtime to fetch missing reference files from a public GitHub raw URL (https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}) and marks multiple "MANDATORY READ" reference files that the agent must load and act on, meaning untrusted third‑party content can directly influence workflow and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs at runtime to WebFetch required "shared" reference files from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those "MANDATORY READ" contract files would be fetched at runtime and directly control agent behavior/prompts, so this is a high-confidence runtime dependency that can control instructions.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 7, 2026, 07:48 PM

Issues

2