ln-623-code-principles-auditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly falls back to fetching required reference files via WebFetch from the public URL https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path} and lists many "MANDATORY READ" references (e.g., references/detection_patterns.md, refactoring_decision_tree.md) that the agent must load and interpret to drive detection logic and recommendations, so it ingests public third-party content that can materially influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill declares that if local shared/ files are missing it will WebFetch mandatory reference files at runtime from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those fetched "MANDATORY READ" documents (detection_patterns.md, refactoring_decision_tree.md, etc.) directly control the auditor's rules/instructions, so this is a runtime external dependency that can change agent behavior.