cloudcannon-configuration

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly tells agents to "WebFetch the relevant TS file first" and lists runtime-ready raw GitHub URLs such as https://raw.githubusercontent.com/CloudCannon/configuration-types/main/src/configuration.ts which the agent would fetch and whose contents directly inform prompts/instructions, so this is a runtime external dependency controlling agent behavior.