beaver-engine

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly reads the Project V2 README at runtime via the gh CLI command "gh project view {number} --owner {org} --format json --jq '.readme'" (i.e., the GitHub Project README at https://github.com/orgs/{org}/projects/{number}), which contains the beaver-config YAML that the skill parses and uses to control its behavior/instructions, so this is a runtime external dependency that can influence the agent.