skills/levnikolaevich/claude-code-skills/ln-831-oss-replacer/Snyk

ln-831-oss-replacer

Warn

Audited by Snyk on Apr 26, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs fetching missing reference files via WebFetch from a public GitHub raw URL (https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}) and marks those shared/references files as "MANDATORY READ", so the agent will ingest and act on untrusted third-party content from that public repository.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs at runtime to fetch required reference files if missing via https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}, and those "MANDATORY READ" documents directly influence agent behavior and decision flow, so this external raw.githubusercontent URL is a runtime dependency that can control prompts/instructions.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 26, 2026, 01:34 PM

Issues

2