edgeone

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime examples instruct executing remote code via "npx -y mcporter" which downloads and runs the mcporter package and calls the endpoint mcp-on-edge.edgeone.app/mcp-server.deploy-html, so the external package (mcporter via npm) and the URL mcp-on-edge.edgeone.app are fetched/used at runtime and can execute remote code.