Skills
skills/levnikolaevich/claude-code-skills/ln-832-bundle-optimizer/Snyk

ln-832-bundle-optimizer

Warn

Audited by Snyk on Apr 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs fetching missing shared files from a public raw GitHub URL ("If shared/ is missing, fetch files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}") and marks shared reference docs as "MANDATORY READ", so the agent will load and act on externally hosted, public content that can influence runtime decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 23, 2026, 12:08 AM
Issues
1