augment

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The installer explicitly re-downloads Python packages (e.g., mlx-audio from PyPI) and model weights from the Hugging Face repo (https://huggingface.co/mlx-community/Kokoro-82M-bf16) at runtime, which involves fetching and installing remote code/assets that will be executed/used locally.