Penpot Uiux Design

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Quick Start instructs cloning and running https://github.com/penpot/penpot-mcp.git (git clone + npm install + npm run bootstrap), which fetches and executes remote code to run the MCP server that the skill requires at runtime and that enables mcp__penpot__execute_code (remote code execution) — therefore this external URL is a runtime dependency that can execute code.