skills/levnikolaevich/claude-code-skills/ln-628-concurrency-auditor/Snyk

ln-628-concurrency-auditor

Warn

Audited by Snyk on Apr 24, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md requires mandatory reads of shared/references/* and explicitly instructs fetching missing files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, so the agent will ingest public GitHub-hosted (untrusted) content that can influence its audit reasoning and outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill explicitly states that if the local shared/ directory is missing it will WebFetch required "MANDATORY READ" reference files at runtime from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those fetched templates/contracts directly control the agent's prompts and outputs, so remote content can alter agent instructions.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 24, 2026, 07:48 AM

Issues

2