gitnexus-impact-analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's mcp.json runs "npx -y gitnexus@latest mcp" (which fetches and executes remote npm code) and the workflow uses the runtime URI gitnexus://repo/{name}/processes, so the skill depends on and executes externally-fetched code (gitnexus@latest and gitnexus://repo/{name}/processes).