baoyu-format-markdown

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's scripts/autocorrect.ts calls spawnSync("npx", ["autocorrect-node", "--fix", filePath"]) which at runtime will fetch and execute the remote npm package (via the npm registry, e.g. https://registry.npmjs.org/) — this is a runtime fetch that executes remote code and the formatter relies on it for the default spacing/autocorrect step.