mem-init

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill installs/runs remote code at runtime via the npx command "npx @codevoyant/agent-kit mem remember" (npm package https://www.npmjs.com/package/@codevoyant/agent-kit), which the .claude hook will auto-execute and which directly loads/injects team knowledge into the agent context—therefore it fetches and executes external code that controls prompts.