prisma-compute

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill spawns package-runner commands at runtime (e.g., "bunx @prisma/cli@latest" and the CREATE_PRISMA_PACKAGE default "create-prisma@latest" invoked via npx/bunx in scripts/verify-compute-surface.mjs), which fetch and execute remote npm package code and whose output is used to drive agent decisions, so these external package specifiers are runtime dependencies that execute remote code.