detour-onboarding

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly tells the agent to fetch live README files at runtime (for example https://github.com/software-mansion-labs/android-detour/blob/main/README.md and similar repo README URLs for iOS, React Native and Flutter), so external GitHub content would be fetched during runtime and used to control the agent's instructions/responses.