mem2

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly runs the external package via runtime commands like "npx @codevoyant/agent-kit mem ..." (including in .claude hook and all command steps), which fetches and executes remote code and directly supplies content that is injected into the agent's context/prompt, and the skill relies on this as a required dependency.