google-adk-python

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs the agent to fetch raw GitHub files at runtime (e.g. https://raw.githubusercontent.com/google/adk-docs/refs/heads/main/docs/mcp/index.md) via web_fetch or curl to load documentation/code into the agent context, which can directly inject remote prompts/instructions or supply executable code and is treated as a required runtime dependency.