ai-image-generation

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs remote packages via npx (e.g., "npx -y image-skill@latest" and "npx skills add danielgwilson/image-skill-cli"), which fetches and executes remote npm code at runtime and also invokes the hosted API https://api.image-skill.com, so external code and remote endpoints are required and could directly control prompts or behavior.