frontend

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill explicitly instructs runtime fetching and execution of remote code (e.g., npx grab@latest, npx react-doctor@latest, npx react-scan@latest; runtime script tags loading //unpkg.com/react-grab/dist/index.global.js and //unpkg.com/react-scan/dist/auto.global.js; and the setup curl https://astral.sh/uv/install.sh | sh), which would execute remote code and install agent-linked tooling the skill treats as a required dev-time dependency.