kmsg

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The install script (scripts/install.sh) fetches and installs a remote executable from https://github.com/channprj/kmsg/releases/latest/download/kmsg-macos-universal at runtime (curl -> save -> chmod +x -> executed for verification), so this URL supplies required external code that will be executed locally.