slide

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches the live style list at runtime from the relay (default RELAY_URL=https://api.rebyte.ai via https://api.rebyte.ai/api/styles) and then downloads arbitrary style bundles from the returned bundle_url values (curl "$BUNDLE_URL" -o /tmp/style.zip; unzip -d ~/.slide-styles/), whose manifest/snippets are used as authoritative design instructions that directly control generation—so the https://api.rebyte.ai/api/styles (and the bundle_url downloads it returns) are a required runtime dependency that can change agent prompts/instructions.