skills/levnikolaevich/claude-code-skills/ln-770-crosscutting-setup/Snyk

ln-770-crosscutting-setup

Warn

Audited by Snyk on Mar 23, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs fetching missing shared files via WebFetch from the public URL pattern https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/{path} and requires a MANDATORY READ of shared/references/meta_analysis_protocol.md, meaning it ingests public, user-hosted content that can influence execution and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The skill states that if shared/ is missing it will fetch files at runtime from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/{path} and also mandates loading shared/references/meta_analysis_protocol.md, meaning externally fetched content would directly control agent instructions at runtime.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 23, 2026, 05:02 PM

Issues

2