skills/levnikolaevich/claude-code-skills/ln-720-structure-migrator/Snyk

ln-720-structure-migrator

Warn

Audited by Snyk on Mar 23, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs the agent to fetch files via WebFetch from the public GitHub URL https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/{path}, meaning the agent will ingest and act on public, user-controlled content that can influence its decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs a runtime WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/{path} (used when shared/ is missing) to load required reference and the "MANDATORY READ" meta_analysis_protocol.md, so external content fetched at runtime can directly control agent prompts/output and is a required dependency.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 23, 2026, 06:29 PM

Issues

2