ln-642-layer-boundary-auditor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly requires returning file+line+code context and embedding matched code snippets verbatim in reports (and JSON summaries) without any redaction rules, so if secrets exist in the scanned codebase the LLM is forced to reproduce them in output, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow includes MANDATORY READs and explicitly instructs a fallback "fetch files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}" when shared/ is missing, meaning it will ingest external, public GitHub raw content and use those documents to build rules that directly influence detection, scoring, and actions—allowing untrusted third-party content to change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches mandatory reference files at runtime from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those fetched docs (e.g., layer_rules.md, audit_worker_core_contract.md) directly determine the agent's detection rules and reporting logic, so external content controls its behavior.