bybit-openapi-skill

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime setup/link command explicitly fetches the curated OpenAPI schema from https://raw.githubusercontent.com/holon-run/uxc/main/skills/bybit-openapi-skill/references/bybit-v5.openapi.json, a required runtime dependency whose fetched JSON directly defines the CLI/API operations (thereby controlling the agent's instruction/operation surface), so it meets the criteria for a risky external control URL.