parallel-worktrees

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The setup command "npx skills add -g onsager-ai/dev-skills --skill parallel-worktrees -a claude-code -y" fetches and executes the remote npm package onsager-ai/dev-skills (e.g. from the npm registry https://registry.npmjs.org/onsager-ai/dev-skills) at runtime, which satisfies fetching remote code that can execute and control agent behavior.