indexion-sdd

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The setup instructs running "npx cc-sdd@latest --codex-skills --lang en --yes", which downloads and executes remote package code at runtime (providing the cc-sdd agent/skills that control prompts), and the workflow depends on it as a required dependency.