shopify-polaris-admin-extensions

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime scripts call out to https://shopify.dev (e.g., POST to https://shopify.dev/assistant/search and reporting to https://shopify.dev/mcp/usage) and the skill mandates using the returned search results before writing code, so fetched remote content is retrieved at runtime and can directly influence the agent's generated prompts/instructions.