harness-evolve

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill invokes "npx -y @metaharness/darwin@~0.3.1 metaharness-darwin evolve …" at runtime, which fetches and executes remote code from the npm registry (package @metaharness/darwin) and therefore runs external content that directly controls the skill's behavior.