deslop

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's Tool Installation Policy explicitly runs remote installs that fetch and execute code at runtime (e.g. go install honnef.co/go/tools/cmd/staticcheck@latest and go install golang.org/x/tools/cmd/deadcode@latest), so these external module URLs are runtime dependencies the skill relies on.