skills/levnikolaevich/claude-code-skills/ln-722-backend-generator/Snyk

ln-722-backend-generator

Warn

Audited by Snyk on Mar 30, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs the skill to fetch missing shared/ files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, so the agent will ingest public GitHub content (third‑party/untrusted) that directly informs generation rules and can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill will, at runtime, fetch shared generation files from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those remote files are used as generation templates/rules that directly influence the agent's prompts/instructions if local copies are missing.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 30, 2026, 12:52 PM

Issues

2