skills/levnikolaevich/claude-code-skills/ln-633-test-value-auditor/Snyk

ln-633-test-value-auditor

Warn

Audited by Snyk on Apr 13, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 1.00). The skill instructs the agent to fetch missing shared/ files via WebFetch from a public raw GitHub URL (https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}) and also has multiple "MANDATORY READ" steps for shared/reference files, so it will read and act on untrusted public repository content that can materially influence scoring and decision logic.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The skill explicitly says to fetch required "shared" reference files at runtime via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those "MANDATORY READ" files (contracts/templates) are required dependencies that would directly control prompts/instructions, so this is a high-risk runtime external dependency.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 13, 2026, 05:48 PM

Issues

2