migrate-oxlint

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs running the migration tool via npx (@oxlint/migrate) which fetches and executes remote package code (repository referenced at https://github.com/oxc-project/oxlint-migrate), making it a required runtime dependency that executes remote code.