firebase-remote-config-basics

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly invokes npx -y firebase-tools@latest (which fetches and executes code from the npm registry at runtime) and directs installing the Swift package from https://github.com/firebase/firebase-ios-sdk.git, both of which are runtime-fetched code dependencies required for the skill to operate and thus can execute remote code.