mcp-server-orchestrator

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes runtime commands that fetch and run remote packages (e.g., "npx -y @modelcontextprotocol/server-filesystem" and "pip install fastmcp"), which will execute remote code and can supply tools/prompts to agents, so these runtime fetches are external dependencies that can control prompts/execute code.