hyperframes-read-first

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches external product/site URLs (crawled with headless Chrome) and GitHub PR links (github.com///pull/, read via the gh CLI) at runtime and injects the scraped content/assets into the workflow to drive prompts and composition decisions, so these runtime fetches directly control the agent's behavior.