copilotkit-upgrade

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes runtime configs that connect to external agent/endpoints (e.g., LangGraphAgent url "http://localhost:8000" / remote endpoint "http://localhost:8000/copilotkit" and an MCP SSE transport "http://localhost:3001/sse"), which are used at runtime to stream agent events and behavior that directly control prompts/agent actions.