spartan

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's MCP usage clearly allows runtime fetching/execution: it suggests running "npx -y @spartan-ng/mcp" (which downloads and executes an npm package) and calling the MCP endpoints or https://www.spartan.ng/components/ to fetch component docs/code examples that are injected into the agent's context and can directly control prompts/behavior.