callstack-best-practices

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Re.Pack code-splitting example includes a runtime resolver that fetches executable chunks from a remote URL (e.g., https://assets.example.com/app/v42/settings.chunk.bundle), which would load and execute remote code at runtime.