ln-761-secret-scanner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches files from a public GitHub raw URL (https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}) and ingests project repository files for scanning, meaning untrusted, user-generated public content is read and used to drive detection, classification, and remediation decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches runtime files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those fetched reference files (detection patterns/remediation) directly influence the scanner's behavior and agent instructions, so this is a runtime external dependency that controls prompts/behavior.