skills/levnikolaevich/claude-code-skills/ln-912-community-announcer/Snyk

ln-912-community-announcer

Warn

Audited by Snyk on Mar 23, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches repository reference files via a public raw.githubusercontent.com fallback and instructs checking/reading the last 3 GitHub Discussions announcements (public, user-generated content) as part of the mandatory workflow, which the agent must read and use to decide announcement style—exposing it to untrusted third‑party content that can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches required shared files at runtime from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/{path}, and those fetched templates/checklists are used to control the agent's prompt/content generation, so this is a runtime external dependency that can change agent instructions.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 23, 2026, 08:00 PM

Issues

2