ln-646-project-structure-auditor
Warn
Audited by Snyk on Apr 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs fetching missing reference files via WebFetch from the public raw.githubusercontent.com URL (https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}) and mandates loading those external reference documents as part of its audit workflow, meaning publicly-hosted, user-controlled content will be read and can materially influence decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches shared reference files at runtime via https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those fetched docs are “MANDATORY READ” rules that directly control the agent’s audit logic and instructions.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata