skills/levnikolaevich/claude-code-skills/ln-634-test-coverage-auditor/Snyk

ln-634-test-coverage-auditor

Warn

Audited by Snyk on Apr 24, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch missing reference files via WebFetch from a public GitHub raw URL (https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}) and marks those shared/references files as MANDATORY READ, so runtime behavior will ingest third‑party content that can materially influence scanning and reporting decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill states that if local shared/ is missing it will WebFetch runtime files from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those fetched reference/template files are "MANDATORY READ" items that will be injected into the agent's context and directly control its instructions behavior.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 24, 2026, 07:48 AM

Issues

2