skills/levnikolaevich/claude-code-skills/ln-614-docs-fact-checker/Snyk

ln-614-docs-fact-checker

Warn

Audited by Snyk on Apr 26, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs using WebFetch to load reference files from the public URL https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those fetched "MANDATORY READ" documents are parsed and followed to drive verification logic, so untrusted third‑party (public GitHub) content can directly influence agent decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs at runtime to WebFetch required reference files from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those "MANDATORY READ" markdowns directly determine the agent's claim-extraction and verification behavior, so the fetched content can control prompts/logic.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 26, 2026, 01:34 PM

Issues

2