backup

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls the storage endpoint (http://sc-agent-backup.internal:8080, configurable via BACKUP_STORAGE_URL) at runtime to download backup bundles which include api/profile.json and api/settings.json that the agent applies (affecting prompts/identity) and filesystem artifacts (e.g., setup.sh, tasks, restored skills) that can be written back and executed—so this runtime-fetched URL can directly control prompts and enable execution.