next-upgrade

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill instructs the agent to WebFetch Next.js upgrade documentation at runtime (e.g., https://nextjs.org/docs/app/building-your-application/upgrading/codemods and the version-specific upgrade pages) and to use that fetched content to determine migration steps, so the external URL(s) are runtime dependencies that directly control the agent's instructions.