dotnet-biome

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill instructs running npx/npm to install and run the @biomejs/biome package (fetched at runtime from the npm registry, e.g. https://registry.npmjs.org/@biomejs/biome or https://www.npmjs.com/package/@biomejs/biome), which would download and execute remote code and is relied on by the workflow.