makepad-deployment

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill includes build/install commands that fetch and run remote code (thus executing it) from Git repositories required for packaging—for example, cargo install --git https://github.com/project-robius/robius-packaging-commands.git and cargo install --git https://github.com/makepad/makepad.git (and a git dependency on https://github.com/makepad/makepad), so these URLs are used at runtime to obtain and execute required third-party code.