bootstrap

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes a runtime command "npx shadcn@latest add button card ..." which fetches and executes remote package code from the npm registry (remote code run at runtime and relied upon to establish the UI baseline), so it is a required external runtime dependency that can execute remote code.