sysdig-posture

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill requires the Sysdig MCP server to be registered/run at runtime via an npx invocation (e.g. npx -y @sysdig/secure-mcp-server, which fetches and executes code from the npm registry such as https://registry.npmjs.org/@sysdig/secure-mcp-server) and the MCP tools it exposes are used live by the skill, so remote code is fetched-and-executed and is a required runtime dependency.