ln-523-auto-test-planner
Warn
Audited by Snyk on Apr 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly falls back to fetching "shared/" reference files from the public URL https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path} and marks several of those files (e.g., shared/references/risk_based_testing_guide.md, research_tool_fallback.md, environment_state_contract.md) as "MANDATORY READ" that the agent must parse and use to drive planning and delegation, so it ingests untrusted public GitHub-hosted content that can materially influence behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly falls back to fetching mandatory reference files at runtime from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those fetched docs/templates are required and used to control the agent's planning/instruction logic.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata