game-engines

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The .codebuddy/mcp.json entries run "npx -y @codergamesters/mcp-unity" and "npx -y @bradypp/godot-mcp" at runtime, which fetch and execute remote npm package code (remote-executed content) that the skill depends on for MCP functionality.