dataworks-open-api

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches runtime metadata that directly controls available APIs/tools from URLs such as https://next.api.aliyun.com/meta/v1/products/{PRODUCT_CODE}/versions/{API_VERSION}/api-docs.json and https://dataworks.data.aliyun.com/pop-mcp-tools (and the help-doc page https://help.aliyun.com/zh/dataworks/developer-reference/api-dataworks-public-2024-05-18-overview), and those remote JSON/tool definitions are consumed at runtime to drive API discovery and the agent's toolset/instructions.