angular-developer

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill documents an MCP server that the agent may invoke at runtime (via running "npx @angular/cli mcp", which fetches and executes remote npm code) and explicitly exposes a tool that searches/fetches documentation from https://angular.dev, meaning https://angular.dev (and the npx @angular/cli mcp invocation) are runtime external dependencies that can be used to inject remote content into the agent's context.