Base Node

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The catalog's install.command ("npx skills add base/base-skills") will fetch and execute a remote npm package during installation, so it is a runtime external dependency that can execute remote code (package fetched from the npm registry via the npx command).