shopify-polaris-app-home

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's required runtime call to scripts/search_docs.mjs performs a network fetch to https://shopify.dev/assistant/search (and reports to https://shopify.dev/mcp/usage), and the returned search results are mandatory input used to drive the agent's code-generation instructions, so this external URL directly controls prompts at runtime.