triage

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires runtime calls to ReadMcpResourceTool to fetch shiplight://yaml-test-spec-v1.3.0 and shiplight://schemas/action-entity, which are required external resources whose fetched content directly informs and controls the agent's test-writing/instruction behavior.