kami-document-design

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes installation commands that fetch and install the skill from the external repository (tw93/kami) — e.g. "npx skills add tw93/kami" and the Releases URL https://github.com/tw93/kami/releases — which will download remote code that defines the skill's prompts/behavior and may execute code during install, so I flag https://github.com/tw93/kami/releases (and the tw93/kami package) as a runtime external dependency controlling agent instructions.