ship-app

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime setup script invokes remote package installs and execution (notably "npx @react-native-community/cli init", which pulls and runs code from the npm registry) and also runs npm install, pod install, and fastlane init, so it fetches and executes external code as a required dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs running sudo-level installs (e.g., sudo gem install cocoapods / sudo gem install fastlane) and automates build/signing/upload steps that modify system state and access credentials, so it asks the agent to perform privileged system changes.