portal

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs users to fetch and execute remote installers at runtime (e.g., curl -fsSL https://dl.google.com/android/cli/latest/linux_x86_64/install.sh | bash and the macOS variant https://dl.google.com/android/cli/latest/darwin_arm64/install.sh | bash, plus a direct NDK download https://dl.google.com/android/repository/android-ndk-r29-darwin.zip and runtime npx execution of metavr), which run remote code and are presented as required setup steps.