iblai-landing

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs running runtime installer commands like "npx shadcn@latest add button card accordion table badge separator" (and similar "npx shadcn@latest add @shadcn-space/…") which fetch packages from the npm registry and execute remote installer scripts at runtime, and those commands are presented as required steps for implementation, so they constitute a runtime external dependency that can execute remote code.