fwrule-analyzer

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The SKILL specifies installing and running an MCP server from a remote git URL (pip install git+https://github.com/akshaysiddaram/fwrule-mcp.git) which fetches external code that is then executed at runtime (uv run fwrule-mcp) and is presented as a required dependency, so it can directly affect agent behavior.