Local PDF Index Builder

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's install instructions fetch and install remote code via uv tool install git+https://github.com/allenai/asta-plugins.git@v$PLUGIN_VERSION, and that plugin-provided code is required and invoked at runtime (e.g., asta pdf-extraction remote in extract-pdfs.sh), so remote code is fetched/installed and subsequently executed as part of the skill pipeline.