os-inbox
Warn
Audited by Snyk on Apr 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill runs git commands at runtime (git fetch origin and git ls-tree origin/main inbox/) which fetch files from the configured git remote "origin" (i.e., the origin repository URL such as git@github.com:org/repo.git or https://github.com/org/repo.git), and those fetched inbox/os-*.md files directly control agent prompts/instructions and are required for the skill to operate.
Issues (1)
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).