ln-626-dead-code-auditor
Warn
Audited by Snyk on Apr 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to WebFetch files from the public GitHub raw URL (https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}) when local shared/ is missing, and those publicly-hosted, user-authored reference files are marked as MANDATORY READs that the agent must parse and which directly influence audit rules, scoring, and subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill instructs at runtime to fetch mandatory reference files if local
shared/is missing via https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those fetched documents (audit contracts/templates/checklists) directly control the agent's prompts and behavior, making this a required remote dependency.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata