starwind-pro

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires running remote-install commands like "npx starwind@latest init --pro" (which fetch and execute code from the npm registry) and configures a runtime package registry URL "https://pro.starwind.dev/r/{name}" for fetching Pro components, so external content is fetched and executed at runtime.