docmost

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill can install and run remote code at runtime via commands like "npm install -g github:dapi/docmost-cli" (and related "npx skills add dapi/docmost-cli" / "https://github.com/dapi/docmost-cli.git"), which fetches and executes external repository code the skill relies on, satisfying runtime-fetch + execute + required-dependency conditions.