tts-voiceover

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's wrappers call "uv sync" during initialization which will fetch and install Python packages from PyPI (e.g. https://files.pythonhosted.org/packages/… as listed in uv.lock), causing remote code to be downloaded and executed as required dependencies for runtime.