aistro

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill runs node scripts and instructs "npm install" at runtime which fetches and installs packages from the npm registry (e.g. https://registry.npmjs.org/circular-natal-horoscope-js/-/circular-natal-horoscope-js-1.1.0.tgz), and those packages are executed by the scripts (imported and run), satisfying runtime fetch + remote code execution + required dependency.