travel-companion

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires running the remote package via "npx @aizzie/cli@latest" which fetches and executes code from the @aizzie/cli npm package at runtime, so external content can directly control prompts/execution.