reel

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's CI examples fetch and install a VHS binary at runtime via the URL pattern "https://github.com/charmbracelet/vhs/releases/download/v${VHS_VERSION}/vhs_${VHS_VERSION}_linux_amd64.tar.gz" (curl ... | tar xz), which downloads and executes remote code as a required dependency in the recording workflow, so it meets the criteria for a runtime external code-execution dependency.