pr-video-receipts

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill invokes the Playwright MCP server at runtime via "npx @playwright/mcp@latest" (https://www.npmjs.com/package/@playwright/mcp), which fetches and executes remote code that registers MCP tools (e.g., browser_start_video/browser_stop_video) that directly control the agent's runtime behavior, and the skill requires this external component.