agent-native-mcp-architecture

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The cadence/ecliptic skills call an external Gemini REST API at runtime (via scripts like scripts/gemini-edit-plan.sh, using a GEMINI_API_KEY obtained from https://aistudio.google.com/apikey) and consume the remote model's EditPlan JSON to build and run FFmpeg filter/commands, so the fetched external content directly controls instructions that are executed locally.