read-whatsapp-export

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's setup script explicitly runs git clone https://github.com/ggerganov/whisper.cpp.git and builds that repository (and downloads its model), which is fetched at setup/runtime and subsequently executed by the transcribe scripts as a required dependency, creating a clear remote-code-execution dependency.