mobile-platform-offline-validate

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The runner script (scripts/run-komaci.sh) will run "npm install" at first run to fetch and install the pinned packages (@salesforce/eslint-plugin-lwc-graph-analyzer and eslint) from the npm registry (https://registry.npmjs.org) and then executes the installed eslint binary from scripts/node_modules, so remote code is fetched and executed at runtime.