ln-644-dependency-graph-auditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs fetching missing shared/ reference files from the public raw.githubusercontent.com URL (https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}) and requires "MANDATORY READ" of those externally-sourced docs which the agent parses to drive architecture detection, rules, metrics and follow-up actions, so untrusted third-party content can directly influence its decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches runtime reference files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those fetched documents are "MANDATORY READ" rules/templates that directly control the auditor's behavior (instructions for detection, rules, and report templates) and are relied on when local shared/ is missing, so this is a runtime external dependency that controls agent behavior.