submit-weekly-quiz

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs the agent to run "git clone https://github.com/zxkane/english-weekly-quiz.git" (and/or npx install from that URL) at runtime and then execute shipped scripts like scripts/open-pr.sh, so remote repository content would be fetched and can execute code that controls the submit flow.