four-js-development-tools

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill instructs installing and running the Membrane CLI (npm install -g @membranehq/cli@latest), which fetches and installs remote code at runtime and then executes commands that invoke remote actions (i.e., executes remote code / controls agent behavior), so the @membranehq/cli package/registry URL is a required runtime dependency that can execute code.