autoresearch

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The CI workflow in the skill explicitly runs runtime installs that fetch and execute remote code — e.g. git clone https://github.com/uditgoenka/autoresearch.git (then copies/installs skill files) and npm install -g @anthropic-ai/claude-code — which would load/execute external code that can alter agent behavior, so this is a runtime external dependency that controls prompts/code execution.