call-reminder

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill's runtime prompt and CLI bootstrap explicitly default to a pinned npx command ("npx -y @call-e/cli@"), which at scheduled run time would fetch and execute remote code from the npm registry and therefore is a runtime external dependency that executes remote code.