ln-913-community-debater
Warn
Audited by Snyk on Mar 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's Phase 0 and mandatory-read steps require loading shared/references/* (e.g., community_github_discovery.md) and explicitly state that if those files are missing they will be fetched via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/{path}, meaning the agent ingests public GitHub-hosted, user-generated content which it then uses to shape discussion composition and publishing actions—exposing it to untrusted third-party input that could alter behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill declares that if the local shared/ files are missing it will fetch required "MANDATORY READ" documents at runtime from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/{path}, and those fetched files directly dictate prompt structure and workflow (i.e., they control instructions), so this is a runtime external dependency that can control the agent.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).