neon-postgres

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching Neon docs at runtime (e.g., https://neon.com/docs/llms.txt) and to load markdown pages (e.g., https://neon.com/docs/introduction/branching.md) as the “source of truth,” meaning external content would be fetched during runtime and injected into the agent context to directly control prompts/responses.