semaphore

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires installing and using the Membrane CLI (e.g. https://www.npmjs.com/package/@membranehq/cli) which is fetched as remote code and at runtime calls Membrane services to build and run actions (remote code execution that can influence agent behavior), so this external dependency can directly execute remote code and affect prompts/instructions.