agent-debugger

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes runtime installers that fetch and execute remote packages (e.g., "npx -y agent-debugger" and the auto-install of debugpy via pip during attach), which means it will download and run external code from npm/PyPI at runtime.