create-plugin

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The provided scripts call npx to fetch and execute remote npm packages at runtime (e.g., npx @red-hat-developer-hub/cli@latest — see https://www.npmjs.com/package/@red-hat-developer-hub/cli), which runs remote code as a required step for export/scaffold, so this is a runtime external dependency that executes remote code.