ui-widget-developer

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires running MCP Inspector against the MCP server URL (e.g., npx @modelcontextprotocol/inspector@0.20.0 --cli https:///mcp or https://my-mcp-server.example.com) at runtime to fetch complete tool/resource definitions which are then copied into mcpPlugin.json and directly determine agent tool behavior and prompts.