antigravity-firebase

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill invokes npx.cmd -y firebase-tools@latest at runtime (i.e., fetching and executing the firebase-tools package from the npm registry such as https://registry.npmjs.org/firebase-tools), so it fetches and runs remote code as a required dependency.