skills/levnikolaevich/claude-code-skills/ln-811-performance-profiler/Snyk

ln-811-performance-profiler

Warn

Audited by Snyk on May 6, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs fetching mandatory "shared/references/*" files via WebFetch from the public raw.githubusercontent.com URL when local files are missing, so the agent will ingest and act on third-party (public GitHub) content that can influence profiling decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill explicitly says that if shared/ is missing it will fetch required runtime guidance via https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those fetched "MANDATORY READ" reference files directly control profiling/instrumentation instructions used at runtime.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 6, 2026, 10:02 PM

Issues

2