gsd

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill directs users to run the upstream installer (npx get-shit-done-cc --opencode --global) which fetches and executes remote npm package code tied to https://github.com/gsd-build/get-shit-done, so external content would be executed and can directly control agent behavior.