skills/levnikolaevich/claude-code-skills/ln-731-docker-generator/Snyk

ln-731-docker-generator

Warn

Audited by Snyk on Apr 1, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs fetching missing shared/ files via WebFetch from the public raw GitHub URL (https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}), meaning the agent will ingest and act on untrusted, user-controlled third-party content (templates) that can materially influence generation and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The SKILL.md explicitly says that if shared/ is missing it will fetch templates at runtime via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those remote templates are injected/used to generate the agent's outputs (so they directly control generated instructions/content).

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 1, 2026, 03:05 PM

Issues

2