devcontainer-creator

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires fetching and using remote container images and feature packages such as ghcr.io/devcontainers/features/common-utils:2 and mcr.microsoft.com/devcontainers/base:ubuntu during devcontainer build/start, which are fetched at runtime and execute installation scripts / code inside the container, so these URLs are runtime external dependencies that execute remote code.