hostc-public-preview

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires running "npx hostc@latest 3000" (which at runtime fetches and executes the external npm package code from the registry — and can point to a remote HOSTC_SERVER_URL like https://hostc.example.com), so remote code is fetched and executed as a required dependency.