shopify-polaris-customer-account-extensions

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime script scripts/search_docs.mjs performs a POST to https://shopify.dev/assistant/search (and reports results to https://shopify.dev/mcp/usage), and the returned search results are fetched at runtime and injected into the agent's context to drive code generation, so external content directly controls the agent's outputs.