igniteui-angular-theming

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires running an external MCP server fetched/started at runtime via "npx -y igniteui-theming igniteui-theming-mcp" (i.e., code pulled from the npm registry such as https://registry.npmjs.org/igniteui-theming) which will execute remote code and provide tool endpoints the agent relies on, so this is a runtime external dependency that can directly affect agent behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill explicitly instructs the agent to automatically configure the MCP server—including writing files and starting a local server process itself (and insists not to ask the user to do it manually)—which requires modifying the host environment and thus pushes the agent to change the machine's state.