building-nextjs-apps

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The SKILL instructs installing and running an external MCP tool via "npx next-devtools-mcp@latest" (also shown in the settings.json command args), which will fetch and execute remote code at runtime and is described as a required runtime devtools MCP the skill uses for diagnostics/automation.