capgo-release-management

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). Flagged because the skill invokes remote code at runtime with "npx @capgo/cli@latest" (which fetches and executes the @capgo/cli package from the npm registry) and the skill's bundle upload workflow depends on that execution.